diff --git a/include/jwt/impl/jwt.ipp b/include/jwt/impl/jwt.ipp index ee1a1de..f1b9ec7 100644 --- a/include/jwt/impl/jwt.ipp +++ b/include/jwt/impl/jwt.ipp @@ -703,34 +703,34 @@ jwt_object decode(const jwt::string_view enc_str, } if (ec) return obj; - } - //Verify the signature only if some algorithm was used - if (obj.header().algo() != algorithm::NONE) - { - if (!dparams.has_secret) { - ec = DecodeErrc::KeyNotPresent; - return obj; - } - jwt_signature jsign{dparams.secret}; + //Verify the signature only if some algorithm was used + if (obj.header().algo() != algorithm::NONE) + { + if (!dparams.has_secret) { + ec = DecodeErrc::KeyNotPresent; + return obj; + } + jwt_signature jsign{dparams.secret}; - // Length of the encoded header and payload only. - // Addition of '1' to account for the '.' character. - auto l = parts[0].length() + 1 + parts[1].length(); + // Length of the encoded header and payload only. + // Addition of '1' to account for the '.' character. + auto l = parts[0].length() + 1 + parts[1].length(); - //MemoryAllocationError is not caught - verify_result_t res = jsign.verify(obj.header(), enc_str.substr(0, l), parts[2]); - if (res.second) { - ec = res.second; - return obj; - } + //MemoryAllocationError is not caught + verify_result_t res = jsign.verify(obj.header(), enc_str.substr(0, l), parts[2]); + if (res.second) { + ec = res.second; + return obj; + } - if (!res.first) { - ec = VerificationErrc::InvalidSignature; - return obj; + if (!res.first) { + ec = VerificationErrc::InvalidSignature; + return obj; + } + } else { + ec = AlgorithmErrc::NoneAlgorithmUsed; } - } else { - ec = AlgorithmErrc::NoneAlgorithmUsed; } return obj; diff --git a/tests/test_jwt_decode.cc b/tests/test_jwt_decode.cc index 4d8e4cb..b84e9e9 100644 --- a/tests/test_jwt_decode.cc +++ b/tests/test_jwt_decode.cc 
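Review bot: Moving the signature check inside the enclosing block means `decode` no longer reaches the `KeyNotPresent` check, `jsign.verify(...)` or the `NoneAlgorithmUsed` branch whenever that block is skipped. The block opens above the hunk; judging by the tests in this commit switching from `verify(false)` to `verify(true)`, it is presumably the verification gate. If so, a caller that disables verification now gets a populated `jwt_object` with `ec` clear even for an unsigned or `alg: none` token, and nothing in the code says so. I would state that at the moved comment, e.g. `// Signature check runs only when verification is enabled; otherwise the returned claims are unauthenticated.`, and repeat it wherever the `verify` parameter is documented.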
@@ -19,10 +19,10 @@ TEST (DecodeTest, DecodeNoneAlgSign) { using namespace jwt::params; const char* enc_str = - "eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJhdWQiOiJyaWZ0LmlvIiwiZXhwIjoxNTEzODYzMzcxLCJzdWIiOiJub3RoaW5nIG11Y2gifQ."; + "eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJhdWQiOiJyaWZ0LmlvIiwiZXhwIjo0NTEzODYzMzcxLCJzdWIiOiJub3RoaW5nIG11Y2gifQ."; std::error_code ec; - auto obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(false)); + auto obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(true)); EXPECT_TRUE (ec); EXPECT_EQ (ec.value(), static_cast(jwt::AlgorithmErrc::NoneAlgorithmUsed)); @@ -34,7 +34,7 @@ TEST (DecodeTest, DecodeNoneAlgSign) EXPECT_TRUE (obj.has_claim("aud")); EXPECT_TRUE (obj.has_claim("exp")); - EXPECT_EQ (obj.payload().get_claim_value("exp"), static_cast(1513863371)); + EXPECT_EQ (obj.payload().get_claim_value("exp"), static_cast(4513863371)); } TEST (DecodeTest, DecodeWrongAlgo) @@ -111,7 +111,7 @@ TEST (DecodeTest, SecretKeyNotPassed) "jk7bRQKTLvs1RcuvMc2B_rt6WBYPoVPirYi_QRBPiuk"; std::error_code ec; - auto obj = jwt::decode(enc_str, algorithms({"none", "hs256"}), ec, verify(false)); + auto obj = jwt::decode(enc_str, algorithms({"none", "hs256"}), ec, verify(true)); ASSERT_TRUE (ec); EXPECT_EQ (ec.value(), static_cast(jwt::DecodeErrc::KeyNotPresent)); diff --git a/tests/test_jwt_decode_verifiy_with_exception.cc b/tests/test_jwt_decode_verifiy_with_exception.cc index ec0ce9a..5c52a76 100644 --- a/tests/test_jwt_decode_verifiy_with_exception.cc +++ b/tests/test_jwt_decode_verifiy_with_exception.cc @@ -160,7 +160,7 @@ TEST (DecodeVerifyExp, KeyNotPresentTest) "eyJpYXQiOjE1MTM4NjIzNzEsImlkIjoiYS1iLWMtZC1lLWYtMS0yLTMiLCJpc3MiOiJhcnVuLm11cmFsaWRoYXJhbiIsInN1YiI6ImFkbWluIn0." "jk7bRQKTLvs1RcuvMc2B_rt6WBYPoVPirYi_QRBPiuk"; - EXPECT_THROW (jwt::decode(enc_str, algorithms({"none", "hs256"}), verify(false)), + EXPECT_THROW (jwt::decode(enc_str, algorithms({"none", "hs256"}), verify(true)), jwt::KeyNotPresentError); } 
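Review bot: With `verify(false)` replaced by `verify(true)` here and in `SecretKeyNotPassed`, `KeyNotPresentTest` and `HeaderParamTest`, none of the tests shown still exercises decoding with verification disabled, which is the path whose behaviour this commit changes. A case that keeps `auto obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(false));` and asserts the intended result (presumably `EXPECT_FALSE (ec);`) would pin that an unverified decode reports neither a signature error nor the none-algorithm error. Other test files may already cover this; they are not visible in this diff.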
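Review bot: The expected `exp` of 4513863371 and the re-encoded token in the previous hunk change without a comment saying why. The payload decodes to `{"aud":"rift.io","exp":4513863371,"sub":"nothing much"}`, so the new value looks chosen to keep the token unexpired now that the test runs with `verify(true)`; that is inferred, not shown. A comment above `enc_str` such as `// exp is far in the future so expiry validation passes and NoneAlgorithmUsed is the error reported` would save the next reader from decoding the base64.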
diff --git a/tests/test_jwt_encode.cc b/tests/test_jwt_encode.cc index ccb7584..a6bfcdd 100644 --- a/tests/test_jwt_encode.cc +++ b/tests/test_jwt_encode.cc @@ -286,7 +286,7 @@ TEST (EncodeTest, HeaderParamTest) std::error_code ec; auto enc_str = obj.signature(); - auto dec_obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(false)); + auto dec_obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(true)); EXPECT_EQ (ec.value(), static_cast(jwt::AlgorithmErrc::NoneAlgorithmUsed)); std::cout << dec_obj.header() << std::endl;