verify whether the payload responds to key? when veriying claims

jwt · Jul 29, 2023 · dbcb028 · dbcb028
1 parent 5f7d58e
commit dbcb028
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/lib/jwt/verify.rb b/lib/jwt/verify.rb
@@ -38,12 +38,12 @@ def verify_aud
     end
 
     def verify_expiration
-      return unless @payload.key?('exp')
+      return unless contains_key?(@payload, 'exp')
       raise(JWT::ExpiredSignature, 'Signature has expired') if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
     end
 
     def verify_iat
-      return unless @payload.key?('iat')
+      return unless contains_key?(@payload, 'iat')
 
       iat = @payload['iat']
       raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
@@ -77,7 +77,7 @@ def verify_jti
     end
 
     def verify_not_before
-      return unless @payload.key?('nbf')
+      return unless contains_key?(@payload, 'nbf')
       raise(JWT::ImmatureSignature, 'Signature nbf has not been reached') if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
     end
 
@@ -92,7 +92,7 @@ def verify_required_claims
       return unless (options_required_claims = @options[:required_claims])
 
       options_required_claims.each do |required_claim|
-        raise(JWT::MissingRequiredClaim, "Missing required claim #{required_claim}") unless @payload.key?(required_claim)
+        raise(JWT::MissingRequiredClaim, "Missing required claim #{required_claim}") unless contains_key?(@payload, required_claim)
       end
     end
 
@@ -109,5 +109,9 @@ def exp_leeway
     def nbf_leeway
       @options[:nbf_leeway] || global_leeway
     end
+
+    def contains_key?(payload, key)
+      payload.respond_to?(:key?) && payload.key?(key)
+    end
   end
 end