Added exception handling and test for key/secret not present

2025-05-15 01:08:31 +00:00 · 2017-12-26 20:35:51 +05:30 · 2017-12-26 20:35:51 +05:30 · a5e18cc4f4
commit a5e18cc4f4
parent 99f3c1db86
4 changed files with 42 additions and 12 deletions
--- a/include/jwt/exceptions.hpp
+++ b/include/jwt/exceptions.hpp
@ -58,17 +58,31 @@ public:

 /**
 */
-class SignatureFormatError final : public std::runtime_error
+class SignatureFormatError final : public DecodeError
 {
 public:
  /**
   */
  SignatureFormatError(std::string msg)
-    : std::runtime_error(std::move(msg))
+    : DecodeError(std::move(msg))
  {
  }
 };

+/**
+ */
+class KeyNotPresentError final : public DecodeError
+{
+public:
+  /**
+   */
+  KeyNotPresentError(std::string msg)
+    : DecodeError(std::move(msg))
+  {
+  }
+};
+
+
 /**
 */
 class VerificationError : public std::runtime_error
--- a/include/jwt/impl/jwt.ipp
+++ b/include/jwt/impl/jwt.ipp
@ -581,15 +581,6 @@ jwt_object decode(const string_view enc_str,
      ec = DecodeErrc::SignatureFormatError;
      return obj;
    }
-
-    if (!dparams.has_secret) {
-      ec = DecodeErrc::KeyNotPresent;
-      return obj;
-    }
-  } else {
-    if (dparams.has_secret) {
-      ec = DecodeErrc::KeyNotRequiredForNoneAlg;
-    }
  }

  //throws decode error
@ -607,7 +598,12 @@ jwt_object decode(const string_view enc_str,
  }

  //Verify the signature only if some algorithm was used
-  if (obj.header().algo() != algorithm::NONE) {
+  if (obj.header().algo() != algorithm::NONE)
+  {
+    if (!dparams.has_secret) {
+      ec = DecodeErrc::KeyNotPresent;
+      return obj;
+    }
    jwt_signature jsign{dparams.secret};
 
    // Length of the encoded header and payload only.
@ -698,6 +694,10 @@ void jwt_throw_exception(const std::error_code& ec)
      {
        throw SignatureFormatError(ec.message());
      }
+      case DecodeErrc::KeyNotPresent:
+      {
+        throw KeyNotPresentError(ec.message());
+      }
      case DecodeErrc::KeyNotRequiredForNoneAlg:
      {
        // Not an error. Just to be ignored.
--- a/tests/test_jwt_decode
+++ b/tests/test_jwt_decode
--- a/tests/test_jwt_decode.cc
+++ b/tests/test_jwt_decode.cc
@ -99,6 +99,22 @@ TEST (DecodeTest, DecodeHS256)
  EXPECT_FALSE (obj.payload().has_claim_with_value(jwt::registered_claims::issued_at, 1513862372));
 }

+TEST (DecodeTest, SecretKeyNotPassed)
+{
+  using namespace jwt::params;
+
+  const char* enc_str = 
+    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
+    "eyJpYXQiOjE1MTM4NjIzNzEsImlkIjoiYS1iLWMtZC1lLWYtMS0yLTMiLCJpc3MiOiJhcnVuLm11cmFsaWRoYXJhbiIsInN1YiI6ImFkbWluIn0."
+    "jk7bRQKTLvs1RcuvMc2B_rt6WBYPoVPirYi_QRBPiuk";
+
+  std::error_code ec;
+  auto obj = jwt::decode(enc_str, algorithms({"none", "hs256"}), ec, verify(false));
+
+  ASSERT_TRUE (ec);
+  EXPECT_EQ (ec.value(), static_cast<int>(jwt::DecodeErrc::KeyNotPresent));
+}
+
 TEST (DecodeTest, DecodeHS384)
 {
  using namespace jwt::params;