jsonwebtoken/src/lib.rs

//! Create and parses JWT (JSON Web Tokens)
//!

#![cfg_attr(feature = "dev", allow(unstable_features))]
#![cfg_attr(feature = "dev", feature(plugin))]
#![cfg_attr(feature = "dev", plugin(clippy))]

extern crate rustc_serialize;
extern crate crypto;

use rustc_serialize::{json, Encodable, Decodable};
use rustc_serialize::base64::{self, ToBase64, FromBase64};
use rustc_serialize::json::{ToJson, Json};
use crypto::sha2::{Sha256, Sha384, Sha512};
use crypto::hmac::Hmac;
use crypto::mac::Mac;
use crypto::digest::Digest;
use crypto::util::fixed_time_eq;

pub mod errors;
use errors::Error;
use std::collections::BTreeMap;

#[derive(Debug, PartialEq, Copy, Clone, RustcDecodable, RustcEncodable)]
/// The algorithms supported for signing/verifying
pub enum Algorithm {
    HS256,
    HS384,
    HS512
}

impl ToJson for Algorithm {
    fn to_json(&self) -> Json {
        match *self {
            Algorithm::HS256 => Json::String("HS256".to_owned()),
            Algorithm::HS384 => Json::String("HS384".to_owned()),
            Algorithm::HS512 => Json::String("HS512".to_owned()),
        }
    }
}

/// A part of the JWT: header and claims specifically
/// Allows converting from/to struct with base64
pub trait Part {
    type Encoded: AsRef<str>;

    fn from_base64<B: AsRef<[u8]>>(encoded: B) -> Result<Self, Error> where Self: Sized;
    fn to_base64(&self) -> Result<Self::Encoded, Error>;
}

impl<T> Part for T where T: Encodable + Decodable {
    type Encoded = String;

    fn to_base64(&self) -> Result<Self::Encoded, Error> {
        let encoded = try!(json::encode(&self));
        Ok(encoded.as_bytes().to_base64(base64::URL_SAFE))
    }

    fn from_base64<B: AsRef<[u8]>>(encoded: B) -> Result<T, Error> {
        let decoded = try!(encoded.as_ref().from_base64());
        let s = try!(String::from_utf8(decoded));
        Ok(try!(json::decode(&s)))
    }
}

#[derive(Debug, PartialEq, RustcDecodable)]
/// A basic JWT header part, the alg defaults to HS256 and typ is automatically
/// set to `JWT`. All the other fields are optional
pub struct Header {
    typ: String,
    pub alg: Algorithm,
    pub jku: Option<String>,
    pub kid: Option<String>,
    pub x5u: Option<String>,
    pub x5t: Option<String>
}

impl Header {
    pub fn new(algorithm: Algorithm) -> Header {
        Header {
            typ: "JWT".to_owned(),
            alg: algorithm,
            jku: None,
            kid: None,
            x5u: None,
            x5t: None
        }
    }
}

impl Default for Header {
    fn default() -> Header {
        Header::new(Algorithm::HS256)
    }
}

impl Encodable for Header {
    fn encode<S: rustc_serialize::Encoder>(&self, s: &mut S) -> Result<(), S::Error> {
        self.to_json().encode(s)
    }
}

impl ToJson for Header {
    fn to_json(&self) -> Json {
        let mut d = BTreeMap::new();
        d.insert("typ".to_string(), self.typ.to_json());
        d.insert("alg".to_string(), self.alg.to_json());

        // Define a macro to reduce boilerplate.
        macro_rules! optional {
            ($field_name:ident) => (
                if let Some(ref value) = self.$field_name {
                    d.insert(stringify!($field_name).to_string(), value.to_json());
                }
            )
        }
        optional!(jku);
        optional!(kid);
        optional!(x5u);
        optional!(x5t);
        Json::Object(d)
    }
}

#[derive(Debug)]
/// The return type of a successful call to decode(...)
pub struct TokenData<T: Part> {
    pub header: Header,
    pub claims: T
}

/// Take the payload of a JWT and sign it using the algorithm given.
/// Returns the base64 url safe encoded of the hmac result
pub fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String {
    fn crypt<D: Digest>(digest: D, data: &str, secret: &[u8]) -> String {
        let mut hmac = Hmac::new(digest, secret);
        hmac.input(data.as_bytes());
        hmac.result().code().to_base64(base64::URL_SAFE)
    }

    match algorithm {
        Algorithm::HS256 => crypt(Sha256::new(), data, secret),
        Algorithm::HS384 => crypt(Sha384::new(), data, secret),
        Algorithm::HS512 => crypt(Sha512::new(), data, secret),
    }
}

/// Compares the signature given with a re-computed signature
pub fn verify(signature: &str, data: &str, secret: &[u8], algorithm: Algorithm) -> bool {
    fixed_time_eq(signature.as_ref(), sign(data, secret, algorithm).as_ref())
}

/// Encode the claims passed and sign the payload using the algorithm from the header and the secret
pub fn encode<T: Part>(header: Header, claims: &T, secret: &[u8]) -> Result<String, Error> {
    let encoded_header = try!(header.to_base64());
    let encoded_claims = try!(claims.to_base64());
    // seems to be a tiny bit faster than format!("{}.{}", x, y)
    let payload = [encoded_header.as_ref(), encoded_claims.as_ref()].join(".");
    let signature = sign(&*payload, secret.as_ref(), header.alg);

    Ok([payload, signature].join("."))
}

/// Used in decode: takes the result of a rsplit and ensure we only get 2 parts
/// Errors if we don't
macro_rules! expect_two {
    ($iter:expr) => {{
        let mut i = $iter; // evaluate the expr
        match (i.next(), i.next(), i.next()) {
            (Some(first), Some(second), None) => (first, second),
            _ => return Err(Error::InvalidToken)
        }
    }}
}

/// Decode a token into a Claims struct
/// If the token or its signature is invalid, it will return an error
pub fn decode<T: Part>(token: &str, secret: &[u8], algorithm: Algorithm) -> Result<TokenData<T>, Error> {
    let (signature, payload) = expect_two!(token.rsplitn(2, '.'));

    let is_valid = verify(
        signature,
        payload,
        secret,
        algorithm
    );

    if !is_valid {
        return Err(Error::InvalidSignature);
    }

    let (claims, header) = expect_two!(payload.rsplitn(2, '.'));

    let header = try!(Header::from_base64(header));
    if header.alg != algorithm {
        return Err(Error::WrongAlgorithmHeader);
    }
    let decoded_claims = try!(T::from_base64(claims));

    Ok(TokenData { header: header, claims: decoded_claims})
}

#[cfg(test)]
mod tests {
    use super::{encode, decode, Algorithm, Header, sign, verify};

    #[derive(Debug, PartialEq, Clone, RustcEncodable, RustcDecodable)]
    struct Claims {
        sub: String,
        company: String
    }

    #[test]
    fn sign_hs256() {
        let result = sign("hello world", b"secret", Algorithm::HS256);
        let expected = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";
        assert_eq!(result, expected);
    }

    #[test]
    fn verify_hs256() {
        let sig = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";
        let valid = verify(sig, "hello world", b"secret", Algorithm::HS256);
        assert!(valid);
    }

    #[test]
    fn encode_with_custom_header() {
        // TODO: test decode value
        let my_claims = Claims {
            sub: "b@b.com".to_owned(),
            company: "ACME".to_owned()
        };
        let mut header = Header::default();
        header.kid = Some("kid".to_owned());
        let token = encode(header, &my_claims, "secret".as_ref()).unwrap();
        let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256).unwrap();
        assert_eq!(my_claims, token_data.claims);
        assert_eq!("kid", token_data.header.kid.unwrap());
    }

    #[test]
    fn round_trip_claim() {
        let my_claims = Claims {
            sub: "b@b.com".to_owned(),
            company: "ACME".to_owned()
        };
        let token = encode(Header::default(), &my_claims, "secret".as_ref()).unwrap();
        let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256).unwrap();
        assert_eq!(my_claims, token_data.claims);
        assert!(token_data.header.kid.is_none());
    }

    #[test]
    fn decode_token() {
        let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.I1BvFoHe94AFf09O6tDbcSB8-jp8w6xZqmyHIwPeSdY";
        let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);
        claims.unwrap();
    }

    #[test]
    #[should_panic(expected = "InvalidToken")]
    fn decode_token_missing_parts() {
        let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
        let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);
        claims.unwrap();
    }

    #[test]
    #[should_panic(expected = "InvalidSignature")]
    fn decode_token_invalid_signature() {
        let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.wrong";
        let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);
        claims.unwrap();
    }

    #[test]
    #[should_panic(expected = "WrongAlgorithmHeader")]
    fn decode_token_wrong_algorithm() {
        let token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.pKscJVk7-aHxfmQKlaZxh5uhuKhGMAa-1F5IX5mfUwI";
        let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);
        claims.unwrap();
    }

    #[test]
    fn decode_token_with_bytes_secret() {
        let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiY29tcGFueSI6Ikdvb2dvbCJ9.27QxgG96vpX4akKNpD1YdRGHE3_u2X35wR3EHA2eCrs";
        let claims = decode::<Claims>(token, b"\x01\x02\x03", Algorithm::HS256);
        assert!(claims.is_ok());
    }

    #[test]
    fn decode_token_with_shuffled_header_fields() {
        let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.SEIZ4Jg46VGhquuwPYDLY5qHF8AkQczF14aXM3a2c28";
        let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);
        assert!(claims.is_ok());
    }
}
Initial commit 2015-10-31 11:37:15 -04:00			`//! Create and parses JWT (JSON Web Tokens)`
			`//!`

			`#![cfg_attr(feature = "dev", allow(unstable_features))]`
			`#![cfg_attr(feature = "dev", feature(plugin))]`
			`#![cfg_attr(feature = "dev", plugin(clippy))]`

			`extern crate rustc_serialize;`
wip crypto 2015-11-01 14:32:43 -05:00			`extern crate crypto;`

			`use rustc_serialize::{json, Encodable, Decodable};`
			`use rustc_serialize::base64::{self, ToBase64, FromBase64};`
custom json encoder omits None when serializing 2016-03-19 06:40:58 -04:00			`use rustc_serialize::json::{ToJson, Json};`
Add sha384 and sha512 Thanks to irc user durka42 2015-11-02 17:34:20 -05:00			`use crypto::sha2::{Sha256, Sha384, Sha512};`
wip crypto 2015-11-01 14:32:43 -05:00			`use crypto::hmac::Hmac;`
			`use crypto::mac::Mac;`
			`use crypto::digest::Digest;`
Use constant time comparison for hmacs, see MacResult::code for warning 2015-11-05 12:45:43 -05:00			`use crypto::util::fixed_time_eq;`
Initial commit 2015-10-31 11:37:15 -04:00
			`pub mod errors;`
wip crypto 2015-11-01 14:32:43 -05:00			`use errors::Error;`
custom json encoder omits None when serializing 2016-03-19 06:40:58 -04:00			`use std::collections::BTreeMap;`
Initial commit 2015-10-31 11:37:15 -04:00
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`#[derive(Debug, PartialEq, Copy, Clone, RustcDecodable, RustcEncodable)]`
Make Algorithm encodable/decodable rather than using String 2015-11-02 18:12:01 -05:00			`/// The algorithms supported for signing/verifying`
Initial commit 2015-10-31 11:37:15 -04:00			`pub enum Algorithm {`
Add mini docs 2015-11-01 17:59:42 -05:00			`HS256,`
Add sha384 and sha512 Thanks to irc user durka42 2015-11-02 17:34:20 -05:00			`HS384,`
			`HS512`
Initial commit 2015-10-31 11:37:15 -04:00			`}`

custom json encoder omits None when serializing 2016-03-19 06:40:58 -04:00			`impl ToJson for Algorithm {`
			`fn to_json(&self) -> Json {`
Release 1.1.1 2016-03-29 11:28:57 -04:00			`match *self {`
			`Algorithm::HS256 => Json::String("HS256".to_owned()),`
			`Algorithm::HS384 => Json::String("HS384".to_owned()),`
			`Algorithm::HS512 => Json::String("HS512".to_owned()),`
custom json encoder omits None when serializing 2016-03-19 06:40:58 -04:00			`}`
			`}`
			`}`

Add mini docs 2015-11-01 17:59:42 -05:00			`/// A part of the JWT: header and claims specifically`
			`/// Allows converting from/to struct with base64`
wip crypto 2015-11-01 14:32:43 -05:00			`pub trait Part {`
Allow custom encoded types for Part 2015-11-05 14:34:08 -05:00			`type Encoded: AsRef<str>;`

Weaken parameter requirements for Part::from_base64 2015-11-05 11:22:04 -05:00			`fn from_base64<B: AsRef<[u8]>>(encoded: B) -> Result<Self, Error> where Self: Sized;`
Allow custom encoded types for Part 2015-11-05 14:34:08 -05:00			`fn to_base64(&self) -> Result<Self::Encoded, Error>;`
wip crypto 2015-11-01 14:32:43 -05:00			`}`
Initial commit 2015-10-31 11:37:15 -04:00
wip crypto 2015-11-01 14:32:43 -05:00			`impl<T> Part for T where T: Encodable + Decodable {`
Allow custom encoded types for Part 2015-11-05 14:34:08 -05:00			`type Encoded = String;`

			`fn to_base64(&self) -> Result<Self::Encoded, Error> {`
wip crypto 2015-11-01 14:32:43 -05:00			`let encoded = try!(json::encode(&self));`
Add basic working code 2015-11-01 17:31:46 -05:00			`Ok(encoded.as_bytes().to_base64(base64::URL_SAFE))`
wip crypto 2015-11-01 14:32:43 -05:00			`}`

Weaken parameter requirements for Part::from_base64 2015-11-05 11:22:04 -05:00			`fn from_base64<B: AsRef<[u8]>>(encoded: B) -> Result<T, Error> {`
			`let decoded = try!(encoded.as_ref().from_base64());`
wip crypto 2015-11-01 14:32:43 -05:00			`let s = try!(String::from_utf8(decoded));`
			`Ok(try!(json::decode(&s)))`
			`}`
			`}`

custom json encoder omits None when serializing 2016-03-19 06:40:58 -04:00			`#[derive(Debug, PartialEq, RustcDecodable)]`
Move macro out of decode + some docstring changes 2015-12-19 20:03:20 -05:00			`/// A basic JWT header part, the alg defaults to HS256 and typ is automatically`
			/// set to `JWT`. All the other fields are optional
wip crypto 2015-11-01 14:32:43 -05:00			`pub struct Header {`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`typ: String,`
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`pub alg: Algorithm,`
More examples + fix header struct access 2015-12-19 20:16:52 -05:00			`pub jku: Option<String>,`
			`pub kid: Option<String>,`
			`pub x5u: Option<String>,`
			`pub x5t: Option<String>`
wip crypto 2015-11-01 14:32:43 -05:00			`}`

			`impl Header {`
Make Algorithm encodable/decodable rather than using String 2015-11-02 18:12:01 -05:00			`pub fn new(algorithm: Algorithm) -> Header {`
wip crypto 2015-11-01 14:32:43 -05:00			`Header {`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`typ: "JWT".to_owned(),`
wip crypto 2015-11-01 14:32:43 -05:00			`alg: algorithm,`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`jku: None,`
			`kid: None,`
			`x5u: None,`
			`x5t: None`
wip crypto 2015-11-01 14:32:43 -05:00			`}`
			`}`
			`}`

Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`impl Default for Header {`
			`fn default() -> Header {`
			`Header::new(Algorithm::HS256)`
Precompute headers 2015-11-05 14:29:42 -05:00			`}`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`}`
Precompute headers 2015-11-05 14:29:42 -05:00
custom json encoder omits None when serializing 2016-03-19 06:40:58 -04:00			`impl Encodable for Header {`
			`fn encode<S: rustc_serialize::Encoder>(&self, s: &mut S) -> Result<(), S::Error> {`
			`self.to_json().encode(s)`
			`}`
			`}`

			`impl ToJson for Header {`
			`fn to_json(&self) -> Json {`
			`let mut d = BTreeMap::new();`
			`d.insert("typ".to_string(), self.typ.to_json());`
			`d.insert("alg".to_string(), self.alg.to_json());`

			`// Define a macro to reduce boilerplate.`
			`macro_rules! optional {`
			`($field_name:ident) => (`
Release 1.1.1 2016-03-29 11:28:57 -04:00			`if let Some(ref value) = self.$field_name {`
			`d.insert(stringify!($field_name).to_string(), value.to_json());`
custom json encoder omits None when serializing 2016-03-19 06:40:58 -04:00			`}`
			`)`
			`}`
			`optional!(jku);`
			`optional!(kid);`
			`optional!(x5u);`
			`optional!(x5t);`
			`Json::Object(d)`
			`}`
			`}`

Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`#[derive(Debug)]`
Move macro out of decode + some docstring changes 2015-12-19 20:03:20 -05:00			`/// The return type of a successful call to decode(...)`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`pub struct TokenData<T: Part> {`
More examples + fix header struct access 2015-12-19 20:16:52 -05:00			`pub header: Header,`
			`pub claims: T`
Precompute headers 2015-11-05 14:29:42 -05:00			`}`

Add mini docs 2015-11-01 17:59:42 -05:00			`/// Take the payload of a JWT and sign it using the algorithm given.`
			`/// Returns the base64 url safe encoded of the hmac result`
Expose sign() and verify() 2016-04-24 03:18:26 -04:00			`pub fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String {`
Add sha384 and sha512 Thanks to irc user durka42 2015-11-02 17:34:20 -05:00			`fn crypt<D: Digest>(digest: D, data: &str, secret: &[u8]) -> String {`
			`let mut hmac = Hmac::new(digest, secret);`
			`hmac.input(data.as_bytes());`
			`hmac.result().code().to_base64(base64::URL_SAFE)`
			`}`

			`match algorithm {`
			`Algorithm::HS256 => crypt(Sha256::new(), data, secret),`
			`Algorithm::HS384 => crypt(Sha384::new(), data, secret),`
			`Algorithm::HS512 => crypt(Sha512::new(), data, secret),`
			`}`
Add basic working code 2015-11-01 17:31:46 -05:00			`}`

Add mini docs 2015-11-01 17:59:42 -05:00			`/// Compares the signature given with a re-computed signature`
Expose sign() and verify() 2016-04-24 03:18:26 -04:00			`pub fn verify(signature: &str, data: &str, secret: &[u8], algorithm: Algorithm) -> bool {`
Use constant time comparison for hmacs, see MacResult::code for warning 2015-11-05 12:45:43 -05:00			`fixed_time_eq(signature.as_ref(), sign(data, secret, algorithm).as_ref())`
wip crypto 2015-11-01 14:32:43 -05:00			`}`

Move macro out of decode + some docstring changes 2015-12-19 20:03:20 -05:00			`/// Encode the claims passed and sign the payload using the algorithm from the header and the secret`
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`pub fn encode<T: Part>(header: Header, claims: &T, secret: &[u8]) -> Result<String, Error> {`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`let encoded_header = try!(header.to_base64());`
wip crypto 2015-11-01 14:32:43 -05:00			`let encoded_claims = try!(claims.to_base64());`
			`// seems to be a tiny bit faster than format!("{}.{}", x, y)`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`let payload = [encoded_header.as_ref(), encoded_claims.as_ref()].join(".");`
			`let signature = sign(&*payload, secret.as_ref(), header.alg);`
Add basic working code 2015-11-01 17:31:46 -05:00
			`Ok([payload, signature].join("."))`
wip crypto 2015-11-01 14:32:43 -05:00			`}`
Initial commit 2015-10-31 11:37:15 -04:00
Move macro out of decode + some docstring changes 2015-12-19 20:03:20 -05:00			`/// Used in decode: takes the result of a rsplit and ensure we only get 2 parts`
			`/// Errors if we don't`
			`macro_rules! expect_two {`
			`($iter:expr) => {{`
			`let mut i = $iter; // evaluate the expr`
			`match (i.next(), i.next(), i.next()) {`
			`(Some(first), Some(second), None) => (first, second),`
			`_ => return Err(Error::InvalidToken)`
			`}`
			`}}`
			`}`

Add mini docs 2015-11-01 17:59:42 -05:00			`/// Decode a token into a Claims struct`
			`/// If the token or its signature is invalid, it will return an error`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`pub fn decode<T: Part>(token: &str, secret: &[u8], algorithm: Algorithm) -> Result<TokenData<T>, Error> {`
Rewrite decode 2015-11-05 13:09:39 -05:00			`let (signature, payload) = expect_two!(token.rsplitn(2, '.'));`

Add basic working code 2015-11-01 17:31:46 -05:00			`let is_valid = verify(`
Rewrite decode 2015-11-05 13:09:39 -05:00			`signature,`
			`payload,`
Allow non-UTF8 keys for decoding too 2015-12-13 10:29:12 -05:00			`secret,`
Add basic working code 2015-11-01 17:31:46 -05:00			`algorithm`
			`);`

			`if !is_valid {`
			`return Err(Error::InvalidSignature);`
			`}`

Rewrite decode 2015-11-05 13:09:39 -05:00			`let (claims, header) = expect_two!(payload.rsplitn(2, '.'));`

			`let header = try!(Header::from_base64(header));`
Make Algorithm encodable/decodable rather than using String 2015-11-02 18:12:01 -05:00			`if header.alg != algorithm {`
Uncomment alg comparison 2015-11-02 16:22:21 -05:00			`return Err(Error::WrongAlgorithmHeader);`
			`}`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`let decoded_claims = try!(T::from_base64(claims));`
Add mini docs 2015-11-01 17:59:42 -05:00
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`Ok(TokenData { header: header, claims: decoded_claims})`
Add basic working code 2015-11-01 17:31:46 -05:00			`}`
Initial commit 2015-10-31 11:37:15 -04:00
			`#[cfg(test)]`
			`mod tests {`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`use super::{encode, decode, Algorithm, Header, sign, verify};`
wip crypto 2015-11-01 14:32:43 -05:00
Add basic working code 2015-11-01 17:31:46 -05:00			`#[derive(Debug, PartialEq, Clone, RustcEncodable, RustcDecodable)]`
			`struct Claims {`
			`sub: String,`
			`company: String`
			`}`

wip crypto 2015-11-01 14:32:43 -05:00			`#[test]`
			`fn sign_hs256() {`
Minor test cleanup 2015-11-05 12:32:08 -05:00			`let result = sign("hello world", b"secret", Algorithm::HS256);`
Add basic working code 2015-11-01 17:31:46 -05:00			`let expected = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";`
wip crypto 2015-11-01 14:32:43 -05:00			`assert_eq!(result, expected);`
			`}`

Add basic working code 2015-11-01 17:31:46 -05:00			`#[test]`
			`fn verify_hs256() {`
			`let sig = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";`
Minor test cleanup 2015-11-05 12:32:08 -05:00			`let valid = verify(sig, "hello world", b"secret", Algorithm::HS256);`
			`assert!(valid);`
Add basic working code 2015-11-01 17:31:46 -05:00			`}`

Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`#[test]`
			`fn encode_with_custom_header() {`
			`// TODO: test decode value`
			`let my_claims = Claims {`
			`sub: "b@b.com".to_owned(),`
			`company: "ACME".to_owned()`
			`};`
			`let mut header = Header::default();`
			`header.kid = Some("kid".to_owned());`
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`let token = encode(header, &my_claims, "secret".as_ref()).unwrap();`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256).unwrap();`
			`assert_eq!(my_claims, token_data.claims);`
			`assert_eq!("kid", token_data.header.kid.unwrap());`
			`}`

Add basic working code 2015-11-01 17:31:46 -05:00			`#[test]`
			`fn round_trip_claim() {`
			`let my_claims = Claims {`
			`sub: "b@b.com".to_owned(),`
			`company: "ACME".to_owned()`
			`};`
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`let token = encode(Header::default(), &my_claims, "secret".as_ref()).unwrap();`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256).unwrap();`
			`assert_eq!(my_claims, token_data.claims);`
			`assert!(token_data.header.kid.is_none());`
Add basic working code 2015-11-01 17:31:46 -05:00			`}`

add a test for completely normal decoding 2016-04-02 06:40:24 -04:00			`#[test]`
			`fn decode_token() {`
			`let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.I1BvFoHe94AFf09O6tDbcSB8-jp8w6xZqmyHIwPeSdY";`
			`let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);`
			`claims.unwrap();`
			`}`

Add basic working code 2015-11-01 17:31:46 -05:00			`#[test]`
Minor test cleanup 2015-11-05 12:32:08 -05:00			`#[should_panic(expected = "InvalidToken")]`
Add basic working code 2015-11-01 17:31:46 -05:00			`fn decode_token_missing_parts() {`
			`let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";`
Allow non-UTF8 keys for decoding too 2015-12-13 10:29:12 -05:00			`let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);`
Minor test cleanup 2015-11-05 12:32:08 -05:00			`claims.unwrap();`
Add basic working code 2015-11-01 17:31:46 -05:00			`}`

			`#[test]`
Minor test cleanup 2015-11-05 12:32:08 -05:00			`#[should_panic(expected = "InvalidSignature")]`
Add basic working code 2015-11-01 17:31:46 -05:00			`fn decode_token_invalid_signature() {`
			`let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.wrong";`
Allow non-UTF8 keys for decoding too 2015-12-13 10:29:12 -05:00			`let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);`
			`claims.unwrap();`
			`}`

test if header.alg matches algorithm passed to decode() 2016-04-02 06:41:35 -04:00			`#[test]`
			`#[should_panic(expected = "WrongAlgorithmHeader")]`
			`fn decode_token_wrong_algorithm() {`
			`let token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.pKscJVk7-aHxfmQKlaZxh5uhuKhGMAa-1F5IX5mfUwI";`
			`let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);`
			`claims.unwrap();`
			`}`

Allow non-UTF8 keys for decoding too 2015-12-13 10:29:12 -05:00			`#[test]`
			`fn decode_token_with_bytes_secret() {`
			`let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiY29tcGFueSI6Ikdvb2dvbCJ9.27QxgG96vpX4akKNpD1YdRGHE3_u2X35wR3EHA2eCrs";`
			`let claims = decode::<Claims>(token, b"\x01\x02\x03", Algorithm::HS256);`
Add all params of header from RFC 2015-12-18 16:07:48 -05:00			`assert!(claims.is_ok());`
			`}`

			`#[test]`
			`fn decode_token_with_shuffled_header_fields() {`
			`let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.SEIZ4Jg46VGhquuwPYDLY5qHF8AkQczF14aXM3a2c28";`
			`let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256);`
			`assert!(claims.is_ok());`
Add basic working code 2015-11-01 17:31:46 -05:00			`}`
Initial commit 2015-10-31 11:37:15 -04:00			`}`