eden-emu/cpp-jwt
14
0
Fork 0
mirror of https://github.com/arun11299/cpp-jwt.git synced 2025-05-14 16:58:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Why does the existence of a signature algorithm entail a required verification? #24

Browse source
This commit is contained in:
Arun M 2018-05-31 20:36:07 +05:30
parent b1140707cc
commit 87dcef903f
4 changed files with 29 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

2
include/jwt/impl/jwt.ipp
View file

@ -703,7 +703,6 @@ jwt_object decode(const jwt::string_view enc_str,
}
if (ec) return obj;
}
//Verify the signature only if some algorithm was used
if (obj.header().algo() != algorithm::NONE)
@ -732,6 +731,7 @@ jwt_object decode(const jwt::string_view enc_str,
} else {
ec = AlgorithmErrc::NoneAlgorithmUsed;
}
}
return obj;
}

8
tests/test_jwt_decode.cc
View file

@ -19,10 +19,10 @@ TEST (DecodeTest, DecodeNoneAlgSign)
{
using namespace jwt::params;
const char* enc_str =
"eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJhdWQiOiJyaWZ0LmlvIiwiZXhwIjoxNTEzODYzMzcxLCJzdWIiOiJub3RoaW5nIG11Y2gifQ.";
"eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJhdWQiOiJyaWZ0LmlvIiwiZXhwIjo0NTEzODYzMzcxLCJzdWIiOiJub3RoaW5nIG11Y2gifQ.";
std::error_code ec;
auto obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(false));
auto obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(true));
EXPECT_TRUE (ec);
EXPECT_EQ (ec.value(), static_cast<int>(jwt::AlgorithmErrc::NoneAlgorithmUsed));
@ -34,7 +34,7 @@ TEST (DecodeTest, DecodeNoneAlgSign)
EXPECT_TRUE (obj.has_claim("aud"));
EXPECT_TRUE (obj.has_claim("exp"));
EXPECT_EQ (obj.payload().get_claim_value<uint64_t>("exp"), static_cast<uint64_t>(1513863371));
EXPECT_EQ (obj.payload().get_claim_value<uint64_t>("exp"), static_cast<uint64_t>(4513863371));
}
TEST (DecodeTest, DecodeWrongAlgo)
@ -111,7 +111,7 @@ TEST (DecodeTest, SecretKeyNotPassed)
"jk7bRQKTLvs1RcuvMc2B_rt6WBYPoVPirYi_QRBPiuk";
std::error_code ec;
auto obj = jwt::decode(enc_str, algorithms({"none", "hs256"}), ec, verify(false));
auto obj = jwt::decode(enc_str, algorithms({"none", "hs256"}), ec, verify(true));
ASSERT_TRUE (ec);
EXPECT_EQ (ec.value(), static_cast<int>(jwt::DecodeErrc::KeyNotPresent));

2
tests/test_jwt_decode_verifiy_with_exception.cc
View file

@ -160,7 +160,7 @@ TEST (DecodeVerifyExp, KeyNotPresentTest)
"eyJpYXQiOjE1MTM4NjIzNzEsImlkIjoiYS1iLWMtZC1lLWYtMS0yLTMiLCJpc3MiOiJhcnVuLm11cmFsaWRoYXJhbiIsInN1YiI6ImFkbWluIn0."
"jk7bRQKTLvs1RcuvMc2B_rt6WBYPoVPirYi_QRBPiuk";
EXPECT_THROW (jwt::decode(enc_str, algorithms({"none", "hs256"}), verify(false)),
EXPECT_THROW (jwt::decode(enc_str, algorithms({"none", "hs256"}), verify(true)),
jwt::KeyNotPresentError);
}

2
tests/test_jwt_encode.cc
View file

@ -286,7 +286,7 @@ TEST (EncodeTest, HeaderParamTest)
std::error_code ec;
auto enc_str = obj.signature();
auto dec_obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(false));
auto dec_obj = jwt::decode(enc_str, algorithms({"none"}), ec, verify(true));
EXPECT_EQ (ec.value(), static_cast<int>(jwt::AlgorithmErrc::NoneAlgorithmUsed));
std::cout << dec_obj.header() << std::endl;