Actually take a ref to Validation

Seems like I updated the docs but not the code...

benches/jwt.rs

@@ -25,5 +25,5 @@ fn bench_encode(b: &mut test::Bencher) {
 #[bench]
 fn bench_decode(b: &mut test::Bencher) {
     let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
-    b.iter(|| decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default()));
+    b.iter(|| decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default()));
 }

examples/custom_header.rs

@@ -29,7 +29,7 @@ fn main() {
     };
     println!("{:?}", token);
 
-    let token_data = match decode::<Claims>(&token, key.as_ref(), Algorithm::HS512, Validation::default()) {
+    let token_data = match decode::<Claims>(&token, key.as_ref(), Algorithm::HS512, &Validation::default()) {
         Ok(c) => c,
         Err(err) => match *err.kind() {
             ErrorKind::InvalidToken => panic!(), // Example on how to handle a specific error

examples/validation.rs

@@ -26,7 +26,7 @@ fn main() {
     println!("{:?}", token);
     let validation = Validation {sub: Some("b@b.com".to_string()), ..Validation::default()};
 
-    let token_data = match decode::<Claims>(&token, key.as_ref(), Algorithm::HS256, validation) {
+    let token_data = match decode::<Claims>(&token, key.as_ref(), Algorithm::HS256, &validation) {
         Ok(c) => c,
         Err(err) => match *err.kind() {
             ErrorKind::InvalidToken => panic!(), // Example on how to handle a specific error

src/crypto.rs

@@ -28,7 +28,7 @@ pub enum Algorithm {
 
 /// The actual HS signing + encoding
 fn sign_hmac(alg: &'static digest::Algorithm, key: &[u8], signing_input: &str) -> Result<String> {
-    let signing_key = hmac::SigningKey::new(&alg, key);
+    let signing_key = hmac::SigningKey::new(alg, key);
     Ok(base64::encode_config(
         hmac::sign(&signing_key, signing_input.as_bytes()).as_ref(),
         base64::URL_SAFE_NO_PAD

src/lib.rs

@@ -101,7 +101,7 @@ macro_rules! expect_two {
 /// // Claims is a struct that implements Deserialize
 /// let token_data = decode::<Claims>(&token, "secret", Algorithm::HS256, &Validation::default());
 /// ```
-pub fn decode<T: Deserialize>(token: &str, key: &[u8], algorithm: Algorithm, validation: Validation) -> Result<TokenData<T>> {
+pub fn decode<T: Deserialize>(token: &str, key: &[u8], algorithm: Algorithm, validation: &Validation) -> Result<TokenData<T>> {
     let (signature, signing_input) = expect_two!(token.rsplitn(2, '.'));
 
     if validation.validate_signature && !verify(signature, signing_input, key, algorithm)? {
@@ -116,7 +116,7 @@ pub fn decode<T: Deserialize>(token: &str, key: &[u8], algorithm: Algorithm, val
     }
     let (decoded_claims, claims_map): (T, _)  = from_jwt_part_claims(claims)?;
 
-    validate(&claims_map, &validation)?;
+    validate(&claims_map, validation)?;
 
     Ok(TokenData { header: header, claims: decoded_claims })
 }

tests/lib.rs

@@ -34,7 +34,7 @@ fn encode_with_custom_header() {
     let mut header = Header::default();
     header.kid = Some("kid".to_string());
     let token = encode(&header, &my_claims, "secret".as_ref()).unwrap();
-    let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256, Validation::default()).unwrap();
+    let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256, &Validation::default()).unwrap();
     assert_eq!(my_claims, token_data.claims);
     assert_eq!("kid", token_data.header.kid.unwrap());
 }
@@ -46,7 +46,7 @@ fn round_trip_claim() {
         company: "ACME".to_string()
     };
     let token = encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap();
-    let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256, Validation::default()).unwrap();
+    let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256, &Validation::default()).unwrap();
     assert_eq!(my_claims, token_data.claims);
     assert!(token_data.header.kid.is_none());
 }
@@ -54,7 +54,7 @@ fn round_trip_claim() {
 #[test]
 fn decode_token() {
     let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.I1BvFoHe94AFf09O6tDbcSB8-jp8w6xZqmyHIwPeSdY";
-    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
+    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
     claims.unwrap();
 }
 
@@ -62,7 +62,7 @@ fn decode_token() {
 #[should_panic(expected = "InvalidToken")]
 fn decode_token_missing_parts() {
     let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
-    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
+    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
     claims.unwrap();
 }
 
@@ -70,7 +70,7 @@ fn decode_token_missing_parts() {
 #[should_panic(expected = "InvalidSignature")]
 fn decode_token_invalid_signature() {
     let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.wrong";
-    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
+    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
     claims.unwrap();
 }
 
@@ -78,28 +78,28 @@ fn decode_token_invalid_signature() {
 #[should_panic(expected = "WrongAlgorithmHeader")]
 fn decode_token_wrong_algorithm() {
     let token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.pKscJVk7-aHxfmQKlaZxh5uhuKhGMAa-1F5IX5mfUwI";
-    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
+    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
     claims.unwrap();
 }
 
 #[test]
 fn decode_token_with_bytes_secret() {
     let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiY29tcGFueSI6Ikdvb2dvbCJ9.27QxgG96vpX4akKNpD1YdRGHE3_u2X35wR3EHA2eCrs";
-    let claims = decode::<Claims>(token, b"\x01\x02\x03", Algorithm::HS256, Validation::default());
+    let claims = decode::<Claims>(token, b"\x01\x02\x03", Algorithm::HS256, &Validation::default());
     assert!(claims.is_ok());
 }
 
 #[test]
 fn decode_token_with_shuffled_header_fields() {
     let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.SEIZ4Jg46VGhquuwPYDLY5qHF8AkQczF14aXM3a2c28";
-    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
+    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
     assert!(claims.is_ok());
 }
 
 #[test]
 fn decode_without_validating_signature() {
     let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.S";
-    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation {validate_signature: false, ..Validation::default()});
+    let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation {validate_signature: false, ..Validation::default()});
     assert!(claims.is_ok());
 
 }

tests/rsa.rs

@@ -26,7 +26,7 @@ fn round_trip_claim() {
         company: "ACME".to_string()
     };
     let token = encode(&Header::new(Algorithm::RS256), &my_claims, include_bytes!("private_rsa_key.der")).unwrap();
-    let token_data = decode::<Claims>(&token, include_bytes!("public_rsa_key.der"), Algorithm::RS256, Validation::default()).unwrap();
+    let token_data = decode::<Claims>(&token, include_bytes!("public_rsa_key.der"), Algorithm::RS256, &Validation::default()).unwrap();
     assert_eq!(my_claims, token_data.claims);
     assert!(token_data.header.kid.is_none());
 }