diff --git a/benches/jwt.rs b/benches/jwt.rs index bafe8de..f98009d 100644 --- a/benches/jwt.rs +++ b/benches/jwt.rs @@ -25,5 +25,5 @@ fn bench_encode(b: &mut test::Bencher) { #[bench] fn bench_decode(b: &mut test::Bencher) { let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"; - b.iter(|| decode::(token, "secret".as_ref(), Algorithm::HS256, Validation::default())); + b.iter(|| decode::(token, "secret".as_ref(), Algorithm::HS256, &Validation::default())); } diff --git a/examples/custom_header.rs b/examples/custom_header.rs index ddca412..2cdfc22 100644 --- a/examples/custom_header.rs +++ b/examples/custom_header.rs @@ -29,7 +29,7 @@ fn main() { }; println!("{:?}", token); - let token_data = match decode::(&token, key.as_ref(), Algorithm::HS512, Validation::default()) { + let token_data = match decode::(&token, key.as_ref(), Algorithm::HS512, &Validation::default()) { Ok(c) => c, Err(err) => match *err.kind() { ErrorKind::InvalidToken => panic!(), // Example on how to handle a specific error diff --git a/examples/validation.rs b/examples/validation.rs index 7ca0507..c170df3 100644 --- a/examples/validation.rs +++ b/examples/validation.rs @@ -26,7 +26,7 @@ fn main() { println!("{:?}", token); let validation = Validation {sub: Some("b@b.com".to_string()), ..Validation::default()}; - let token_data = match decode::(&token, key.as_ref(), Algorithm::HS256, validation) { + let token_data = match decode::(&token, key.as_ref(), Algorithm::HS256, &validation) { Ok(c) => c, Err(err) => match *err.kind() { ErrorKind::InvalidToken => panic!(), // Example on how to handle a specific error diff --git a/src/crypto.rs b/src/crypto.rs index 3414c6c..2351420 100644 --- a/src/crypto.rs +++ b/src/crypto.rs @@ -28,7 +28,7 @@ pub enum Algorithm { /// The actual HS signing + encoding fn sign_hmac(alg: &'static digest::Algorithm, key: &[u8], signing_input: &str) -> Result { - let signing_key = hmac::SigningKey::new(&alg, key); + let signing_key = hmac::SigningKey::new(alg, key); Ok(base64::encode_config( hmac::sign(&signing_key, signing_input.as_bytes()).as_ref(), base64::URL_SAFE_NO_PAD diff --git a/src/lib.rs b/src/lib.rs index 32c83f5..1f517cc 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -101,7 +101,7 @@ macro_rules! expect_two { /// // Claims is a struct that implements Deserialize /// let token_data = decode::(&token, "secret", Algorithm::HS256, &Validation::default()); /// ``` -pub fn decode(token: &str, key: &[u8], algorithm: Algorithm, validation: Validation) -> Result> { +pub fn decode(token: &str, key: &[u8], algorithm: Algorithm, validation: &Validation) -> Result> { let (signature, signing_input) = expect_two!(token.rsplitn(2, '.')); if validation.validate_signature && !verify(signature, signing_input, key, algorithm)? { @@ -116,7 +116,7 @@ pub fn decode(token: &str, key: &[u8], algorithm: Algorithm, val } let (decoded_claims, claims_map): (T, _) = from_jwt_part_claims(claims)?; - validate(&claims_map, &validation)?; + validate(&claims_map, validation)?; Ok(TokenData { header: header, claims: decoded_claims }) } diff --git a/tests/lib.rs b/tests/lib.rs index cbbea40..88f2815 100644 --- a/tests/lib.rs +++ b/tests/lib.rs @@ -34,7 +34,7 @@ fn encode_with_custom_header() { let mut header = Header::default(); header.kid = Some("kid".to_string()); let token = encode(&header, &my_claims, "secret".as_ref()).unwrap(); - let token_data = decode::(&token, "secret".as_ref(), Algorithm::HS256, Validation::default()).unwrap(); + let token_data = decode::(&token, "secret".as_ref(), Algorithm::HS256, &Validation::default()).unwrap(); assert_eq!(my_claims, token_data.claims); assert_eq!("kid", token_data.header.kid.unwrap()); } @@ -46,7 +46,7 @@ fn round_trip_claim() { company: "ACME".to_string() }; let token = encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap(); - let token_data = decode::(&token, "secret".as_ref(), Algorithm::HS256, Validation::default()).unwrap(); + let token_data = decode::(&token, "secret".as_ref(), Algorithm::HS256, &Validation::default()).unwrap(); assert_eq!(my_claims, token_data.claims); assert!(token_data.header.kid.is_none()); } @@ -54,7 +54,7 @@ fn round_trip_claim() { #[test] fn decode_token() { let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.I1BvFoHe94AFf09O6tDbcSB8-jp8w6xZqmyHIwPeSdY"; - let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, Validation::default()); + let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, &Validation::default()); claims.unwrap(); } @@ -62,7 +62,7 @@ fn decode_token() { #[should_panic(expected = "InvalidToken")] fn decode_token_missing_parts() { let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"; - let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, Validation::default()); + let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, &Validation::default()); claims.unwrap(); } @@ -70,7 +70,7 @@ fn decode_token_missing_parts() { #[should_panic(expected = "InvalidSignature")] fn decode_token_invalid_signature() { let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.wrong"; - let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, Validation::default()); + let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, &Validation::default()); claims.unwrap(); } @@ -78,28 +78,28 @@ fn decode_token_invalid_signature() { #[should_panic(expected = "WrongAlgorithmHeader")] fn decode_token_wrong_algorithm() { let token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.pKscJVk7-aHxfmQKlaZxh5uhuKhGMAa-1F5IX5mfUwI"; - let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, Validation::default()); + let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, &Validation::default()); claims.unwrap(); } #[test] fn decode_token_with_bytes_secret() { let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiY29tcGFueSI6Ikdvb2dvbCJ9.27QxgG96vpX4akKNpD1YdRGHE3_u2X35wR3EHA2eCrs"; - let claims = decode::(token, b"\x01\x02\x03", Algorithm::HS256, Validation::default()); + let claims = decode::(token, b"\x01\x02\x03", Algorithm::HS256, &Validation::default()); assert!(claims.is_ok()); } #[test] fn decode_token_with_shuffled_header_fields() { let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.SEIZ4Jg46VGhquuwPYDLY5qHF8AkQczF14aXM3a2c28"; - let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, Validation::default()); + let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, &Validation::default()); assert!(claims.is_ok()); } #[test] fn decode_without_validating_signature() { let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.S"; - let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, Validation {validate_signature: false, ..Validation::default()}); + let claims = decode::(token, "secret".as_ref(), Algorithm::HS256, &Validation {validate_signature: false, ..Validation::default()}); assert!(claims.is_ok()); } diff --git a/tests/rsa.rs b/tests/rsa.rs index 8ed2904..e1cb31c 100644 --- a/tests/rsa.rs +++ b/tests/rsa.rs @@ -26,7 +26,7 @@ fn round_trip_claim() { company: "ACME".to_string() }; let token = encode(&Header::new(Algorithm::RS256), &my_claims, include_bytes!("private_rsa_key.der")).unwrap(); - let token_data = decode::(&token, include_bytes!("public_rsa_key.der"), Algorithm::RS256, Validation::default()).unwrap(); + let token_data = decode::(&token, include_bytes!("public_rsa_key.der"), Algorithm::RS256, &Validation::default()).unwrap(); assert_eq!(my_claims, token_data.claims); assert!(token_data.header.kid.is_none()); }