Claims Validation #287

Closed
wants to merge 4 commits into from
Closed
8 changes: 0 additions & 8 deletions Manifest

This file was deleted.
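Review bot: The deletion of `Manifest` (8 lines removed) has no visible connection to the claims validation this PR is titled for; if it is intentional, state why in the PR description or split it into its own commit, and confirm nothing in the gem's packaging still expects that file to exist.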

23 changes: 23 additions & 0 deletions lib/jwt/claims_validator.rb
@@ -0,0 +1,23 @@
# frozen_string_literal: true

require_relative './error'

module JWT
class ClaimsValidator
def initialize(payload)
@payload = payload.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
end

def validate
validate_exp if @payload[:exp]
Member:

You have to check that the key actually is present in the payload, this row is now checking if the value returned from the hash is truthy.

I think this will not validate cases where exp is false or nil, e.g.:

{ exp: false }

Contributor Author:

Good catch

true
end

private

def validate_exp
raise InvalidPayload, 'exp claim must be an integer' unless @payload[:exp].is_a?(Integer)
end
end
end
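Review bot: `validate_exp if @payload[:exp]` guards on the value's truthiness rather than on the key's presence, so a payload carrying `exp: false` or `exp: nil` skips validation entirely and `validate` still returns `true`; `validate_exp if @payload.key?(:exp)` would let those values reach the `is_a?(Integer)` check and raise `InvalidPayload` as the inline comment asks. Two further points on the same hunk: `@payload[:exp].is_a?(Integer)` rejects a Float such as `1516239022.5`, which RFC 7519 permits for a NumericDate (the value may have a fractional part), so `is_a?(Numeric)` is the check to use if fractional expiry times are meant to be accepted; and `k.to_sym` in `initialize` raises `NoMethodError` for any key that is neither a String nor a Symbol (an Integer key in a hand-built hash, for instance), which surfaces as an unexpected exception rather than an `InvalidPayload`.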
31 changes: 31 additions & 0 deletions spec/jwt/claims_validator_spec.rb
@@ -0,0 +1,31 @@
require 'spec_helper'
require 'jwt/claims_validator'

RSpec.describe JWT::ClaimsValidator do
describe '#validate' do
it 'returns true if the payload is valid' do
valid_payload = { 'exp' => 12345 }
subject = described_class.new(valid_payload)

expect(subject.validate).to eq(true)
end

it 'raises an error when the value of the exp claim is a string' do
subject = described_class.new({ exp: '1' })
expect { subject.validate }.to raise_error JWT::InvalidPayload
end

it 'raises an error when the value of the exp claim is a Time object' do
subject = described_class.new({ exp: Time.now })
expect { subject.validate }.to raise_error JWT::InvalidPayload
end

it 'validates the exp when the exp key is either a string or a symbol' do
symbol = described_class.new({ exp: true })
expect { symbol.validate }.to raise_error JWT::InvalidPayload

string = described_class.new({ 'exp' => true })
expect { string.validate }.to raise_error JWT::InvalidPayload
end
end
end
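Review bot: The spec never covers the cases raised in the inline review, `exp: false` and `exp: nil`, nor a payload with no `exp` key at all, so the truthiness guard in `validate` (`if @payload[:exp]`) is not exercised where it differs from a `key?` check; add examples such as `described_class.new({ exp: nil })` and `described_class.new({ 'exp' => false })` and assert explicitly whether each raises `JWT::InvalidPayload` or returns `true`. The last example's description says it checks both string and symbol keys, but both inputs are invalid values; since the first example already shows `{ 'exp' => 12345 }` passing, a matching `{ exp: 12345 }` case that expects `validate` to return `true` would actually demonstrate the key normalisation. A Float `exp` (for example `1516239022.5`) is also untested, and whether it should raise depends on the `is_a?(Integer)` choice in `validate_exp`.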