Skip to content

Commit

Permalink
improving code quality of jwt module
Browse files Browse the repository at this point in the history
  • Loading branch information
ab320012 committed May 4, 2018
1 parent fd7f742 commit db0be71
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 22 deletions.
Binary file added jwt-2.1.0.gem
Binary file not shown.
62 changes: 40 additions & 22 deletions lib/jwt.rb
Original file line number Diff line number Diff line change
Expand Up @@ -22,42 +22,60 @@ def encode(payload, key, algorithm = 'HS256', header_fields = {})
encoder.segments
end

def decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
def decode(jwt, key = nil, verify = true, options = {}, &keyfinder)
raise(JWT::DecodeError, 'Nil JSON web token') unless jwt

merged_options = DEFAULT_OPTIONS.merge(custom_options)

decoder = Decode.new jwt, verify
header, payload, signature, signing_input = decoder.decode_segments
decode_verify_signature(key, header, payload, signature, signing_input, merged_options, &keyfinder) if verify
@jwt = jwt
@key = key
@verify = verify
@options = DEFAULT_OPTIONS.merge(options)
@header,
@payload,
@signature,
@signing_input = Decode.new(jwt, verify).decode_segments
if verify?
verify_signature(&keyfinder)
verify_claims
end

Verify.verify_claims(payload, merged_options) if verify

raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
raise(JWT::DecodeError, 'Not enough or too many segments') unless @header && @payload

[payload, header]
[@payload, @header]
end
private_class_method
def verify_signature(&keyfinder)
@key = find_key(&keyfinder) if keyfinder

def decode_verify_signature(key, header, payload, signature, signing_input, options, &keyfinder)
algo, key = signature_algorithm_and_key(header, payload, key, &keyfinder)

raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms(options).empty?
raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless allowed_algorithms(options).include?(algo)
raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?

Signature.verify(algo, key, signing_input, signature)
Signature.verify(@header['alg'], @key, @signing_input, @signature)
end

def signature_algorithm_and_key(header, payload, key, &keyfinder)
key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header)) if keyfinder
def find_key(&keyfinder)
key = (keyfinder.arity == 2 ? yield(@header, @payload) : yield(@header))
raise JWT::DecodeError, 'No verification key available' unless key
[header['alg'], key]
key
end

def allowed_algorithms(options)
if options.key?(:algorithm)
[options[:algorithm]]
def allowed_algorithms
if @options.key?(:algorithm)
[@options[:algorithm]]
else
options[:algorithms] || []
@options[:algorithms] || []
end
end

def verify?
@verify
end

def verify_claims
Verify.verify_claims(@payload, @options)
end

def options_includes_algo_in_header?
allowed_algorithms.include? @header['alg']
end
end

0 comments on commit db0be71

Please sign in to comment.