From 7a3adece7caca26788a9528e05d0c97f480046f2 Mon Sep 17 00:00:00 2001
From: Paulo Valente
Date: Thu, 11 Jul 2019 16:27:34 -0300
Subject: [PATCH] fix: treat improper token properly (#237)

* fix: resolve Base.decode64 {:ok, :error} bleedtrough
* docs: update changelog
* docs: update changelog
* fix: copy-pasted code is now corrected
* refactor: simplify tests to deal with root cause
* refactor: rename error return to be the same as 'Joken.expand's
* refactor: rename correctly to token_malformed
---
 CHANGELOG.md | 2 ++
 lib/joken.ex | 8 ++++++--
 test/joken_test.exs | 6 ++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b5657ab..1f0492b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@
 ### Changed
 ### Fixed
+- (@polvalente) Fix issue where Base.decode64 made peek_claims and peek_header return out of spec (#237)
+
 ## [2.1.0] - 2019-05-27
 ### Added
diff --git a/lib/joken.ex b/lib/joken.ex
index a3d4da1..f819b25 100644
--- a/lib/joken.ex
+++ b/lib/joken.ex
@@ -129,10 +129,12 @@ defmodule Joken do
   @spec peek_header(bearer_token) :: {:ok, claims} | {:error, error_reason}
   def peek_header(token) when is_binary(token) do
     with {:ok, %{"protected" => protected}} <- expand(token),
-         {:ok, decoded_str} <- Base.url_decode64(protected, padding: false),
+         {:decode64, {:ok, decoded_str}} <-
+           {:decode64, Base.url_decode64(protected, padding: false)},
          header <- JOSE.json_module().decode(decoded_str) do
       {:ok, header}
     else
+      {:decode64, _error} -> {:error, :token_malformed}
       error -> error
     end
   end
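Review bot: `header <- JOSE.json_module().decode(decoded_str)` still binds unconditionally, so a segment that is valid base64url but not a JSON object is never mapped to `{:error, :token_malformed}`; depending on the configured JSON module this either raises or returns `{:ok, value}` with a non-map value, both outside the declared `@spec`. The same applies to the `claims <-` clause in the peek_claims hunk that follows. Wrapping the result in a tag to route it through `else` is also heavier than needed: `Base.url_decode64/2` fails with a bare `:error`, so keeping `{:ok, decoded_str} <- Base.url_decode64(protected, padding: false)` and adding `:error -> {:error, :token_malformed}` to `else` gives the same result with less nesting, provided `expand/1` (whose clauses are outside this hunk) never returns a bare `:error` itself.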
@@ -148,10 +150,12 @@ defmodule Joken do
   @spec peek_claims(bearer_token) :: {:ok, claims} | {:error, error_reason}
   def peek_claims(token) when is_binary(token) do
     with {:ok, %{"payload" => payload}} <- expand(token),
-         {:ok, decoded_str} <- Base.url_decode64(payload, padding: false),
+         {:decode64, {:ok, decoded_str}} <-
+           {:decode64, Base.url_decode64(payload, padding: false)},
          claims <- JOSE.json_module().decode(decoded_str) do
       {:ok, claims}
     else
+      {:decode64, _error} -> {:error, :token_malformed}
       error -> error
     end
   end
diff --git a/test/joken_test.exs b/test/joken_test.exs
index 2109fa2..5aa5b86 100644
--- a/test/joken_test.exs
+++ b/test/joken_test.exs
@@ -161,4 +161,10 @@ defmodule JokenTest do
     assert token = Joken.generate_and_sign!(%{}, %{"some" => custom_claim}, signer)
     assert Joken.peek_claims(token) == {:ok, %{"some" => custom_claim}}
   end
+
+  test "peek_header and peek_claims give proper error upon improper token, instead of returning out of spec :error" do
+    # This test ensures that peek_header and peek_claims use Base.url_decode64 properly
+    assert {:error, :token_malformed} = Joken.peek_claims(".a.")
+    assert {:error, :token_malformed} = Joken.peek_header("a..")
+  end
 end
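Review bot: The body of `peek_claims/1` is now a line-for-line copy of `peek_header/1` apart from the segment key and the variable names, which is how the original defect reached both functions at once; a private helper taking the segment key would keep the decode and error mapping in one place. The sketch below assumes `expand/1` (outside this hunk) returns tagged `{:error, reason}` tuples rather than a bare `:error`, so the `:error` clause in `else` can only come from `Base.url_decode64/2`. `peek_header/1` would call the same helper with `"protected"`.
```elixir
  def peek_claims(token) when is_binary(token), do: peek_segment(token, "payload")

  # Shared body of peek_header/1 and peek_claims/1: expand the token, base64url-decode
  # the requested segment and JSON-decode it. A segment that is not valid base64url is
  # reported as :token_malformed, the same reason Joken.expand/1 uses.
  defp peek_segment(token, key) when is_binary(key) do
    with {:ok, %{^key => segment}} <- expand(token),
         {:ok, decoded_str} <- Base.url_decode64(segment, padding: false),
         decoded <- JOSE.json_module().decode(decoded_str) do
      {:ok, decoded}
    else
      :error -> {:error, :token_malformed}
      error -> error
    end
  end
```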
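Review bot: The new test exercises only the base64url failure path, so it does not guard the other way `peek_claims/1` and `peek_header/1` can leave their `@spec`: a segment that decodes as base64url but is not a JSON object, for example `"." <> Base.url_encode64("{", padding: false) <> "."` (constructed sample). Such a case belongs here once the functions map JSON decoding failures to `{:error, :token_malformed}`; as written its outcome would depend on how the configured JSON module reports a decode error. The inline comment restates the test name and could be dropped, and `==` in place of `=` would give ExUnit's value diff when an assertion fails.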