Actually take a ref to Validation
Seems like I updated the docs but not the code...
parent
64ad3187eb
commit
57c513c757
|
@ -25,5 +25,5 @@ fn bench_encode(b: &mut test::Bencher) {
|
||||||
#[bench]
|
#[bench]
|
||||||
fn bench_decode(b: &mut test::Bencher) {
|
fn bench_decode(b: &mut test::Bencher) {
|
||||||
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
|
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
|
||||||
b.iter(|| decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default()));
|
b.iter(|| decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default()));
|
||||||
}
|
}
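Review bot: `Validation::default()` is still constructed inside the `b.iter` closure in `bench_decode`, so every iteration times building the validation settings as well as the decode itself. Now that `decode` borrows the value, it can be built once before the loop: `let validation = Validation::default();` and then `b.iter(|| decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &validation));`. The cost of `Validation::default()` is not visible on this page, so the effect on the reported numbers may be small.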
|
||||||
|
|
|
@ -29,7 +29,7 @@ fn main() {
|
||||||
};
|
};
|
||||||
println!("{:?}", token);
|
println!("{:?}", token);
|
||||||
|
|
||||||
let token_data = match decode::<Claims>(&token, key.as_ref(), Algorithm::HS512, Validation::default()) {
|
let token_data = match decode::<Claims>(&token, key.as_ref(), Algorithm::HS512, &Validation::default()) {
|
||||||
Ok(c) => c,
|
Ok(c) => c,
|
||||||
Err(err) => match *err.kind() {
|
Err(err) => match *err.kind() {
|
||||||
ErrorKind::InvalidToken => panic!(), // Example on how to handle a specific error
|
ErrorKind::InvalidToken => panic!(), // Example on how to handle a specific error
|
||||||
|
|
|
@ -26,7 +26,7 @@ fn main() {
|
||||||
println!("{:?}", token);
|
println!("{:?}", token);
|
||||||
let validation = Validation {sub: Some("b@b.com".to_string()), ..Validation::default()};
|
let validation = Validation {sub: Some("b@b.com".to_string()), ..Validation::default()};
|
||||||
|
|
||||||
let token_data = match decode::<Claims>(&token, key.as_ref(), Algorithm::HS256, validation) {
|
let token_data = match decode::<Claims>(&token, key.as_ref(), Algorithm::HS256, &validation) {
|
||||||
Ok(c) => c,
|
Ok(c) => c,
|
||||||
Err(err) => match *err.kind() {
|
Err(err) => match *err.kind() {
|
||||||
ErrorKind::InvalidToken => panic!(), // Example on how to handle a specific error
|
ErrorKind::InvalidToken => panic!(), // Example on how to handle a specific error
|
||||||
|
|
|
@ -28,7 +28,7 @@ pub enum Algorithm {
|
||||||
|
|
||||||
/// The actual HS signing + encoding
|
/// The actual HS signing + encoding
|
||||||
fn sign_hmac(alg: &'static digest::Algorithm, key: &[u8], signing_input: &str) -> Result<String> {
|
fn sign_hmac(alg: &'static digest::Algorithm, key: &[u8], signing_input: &str) -> Result<String> {
|
||||||
let signing_key = hmac::SigningKey::new(&alg, key);
|
let signing_key = hmac::SigningKey::new(alg, key);
|
||||||
Ok(base64::encode_config(
|
Ok(base64::encode_config(
|
||||||
hmac::sign(&signing_key, signing_input.as_bytes()).as_ref(),
|
hmac::sign(&signing_key, signing_input.as_bytes()).as_ref(),
|
||||||
base64::URL_SAFE_NO_PAD
|
base64::URL_SAFE_NO_PAD
|
||||||
|
|
|
@ -101,7 +101,7 @@ macro_rules! expect_two {
|
||||||
/// // Claims is a struct that implements Deserialize
|
/// // Claims is a struct that implements Deserialize
|
||||||
/// let token_data = decode::<Claims>(&token, "secret", Algorithm::HS256, &Validation::default());
|
/// let token_data = decode::<Claims>(&token, "secret", Algorithm::HS256, &Validation::default());
|
||||||
/// ```
|
/// ```
|
||||||
pub fn decode<T: Deserialize>(token: &str, key: &[u8], algorithm: Algorithm, validation: Validation) -> Result<TokenData<T>> {
|
pub fn decode<T: Deserialize>(token: &str, key: &[u8], algorithm: Algorithm, validation: &Validation) -> Result<TokenData<T>> {
|
||||||
let (signature, signing_input) = expect_two!(token.rsplitn(2, '.'));
|
let (signature, signing_input) = expect_two!(token.rsplitn(2, '.'));
|
||||||
|
|
||||||
if validation.validate_signature && !verify(signature, signing_input, key, algorithm)? {
|
if validation.validate_signature && !verify(signature, signing_input, key, algorithm)? {
|
||||||
|
@ -116,7 +116,7 @@ pub fn decode<T: Deserialize>(token: &str, key: &[u8], algorithm: Algorithm, val
|
||||||
}
|
}
|
||||||
let (decoded_claims, claims_map): (T, _) = from_jwt_part_claims(claims)?;
|
let (decoded_claims, claims_map): (T, _) = from_jwt_part_claims(claims)?;
|
||||||
|
|
||||||
validate(&claims_map, &validation)?;
|
validate(&claims_map, validation)?;
|
||||||
|
|
||||||
Ok(TokenData { header: header, claims: decoded_claims })
|
Ok(TokenData { header: header, claims: decoded_claims })
|
||||||
}
|
}
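Review bot: When `validation.validate_signature` is false the `verify` call in `decode` is skipped, so the returned `TokenData` carries claims that nothing has authenticated, and the part of the doc comment visible in the first hunk does not say so. I would add a line above the example such as `/// If validation.validate_signature is false the signature is not checked; treat the returned claims as unauthenticated.` The example line also still passes `"secret"` although the signature takes `key: &[u8]`; `"secret".as_ref()` would match the call sites in the tests. The doc comment starts above the first hunk and part of the body lies between the two hunks, so the caveat may already be stated there.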
|
||||||
|
|
18
tests/lib.rs
18
tests/lib.rs
|
@ -34,7 +34,7 @@ fn encode_with_custom_header() {
|
||||||
let mut header = Header::default();
|
let mut header = Header::default();
|
||||||
header.kid = Some("kid".to_string());
|
header.kid = Some("kid".to_string());
|
||||||
let token = encode(&header, &my_claims, "secret".as_ref()).unwrap();
|
let token = encode(&header, &my_claims, "secret".as_ref()).unwrap();
|
||||||
let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256, Validation::default()).unwrap();
|
let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256, &Validation::default()).unwrap();
|
||||||
assert_eq!(my_claims, token_data.claims);
|
assert_eq!(my_claims, token_data.claims);
|
||||||
assert_eq!("kid", token_data.header.kid.unwrap());
|
assert_eq!("kid", token_data.header.kid.unwrap());
|
||||||
}
|
}
|
||||||
|
@ -46,7 +46,7 @@ fn round_trip_claim() {
|
||||||
company: "ACME".to_string()
|
company: "ACME".to_string()
|
||||||
};
|
};
|
||||||
let token = encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap();
|
let token = encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap();
|
||||||
let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256, Validation::default()).unwrap();
|
let token_data = decode::<Claims>(&token, "secret".as_ref(), Algorithm::HS256, &Validation::default()).unwrap();
|
||||||
assert_eq!(my_claims, token_data.claims);
|
assert_eq!(my_claims, token_data.claims);
|
||||||
assert!(token_data.header.kid.is_none());
|
assert!(token_data.header.kid.is_none());
|
||||||
}
|
}
|
||||||
|
@ -54,7 +54,7 @@ fn round_trip_claim() {
|
||||||
#[test]
|
#[test]
|
||||||
fn decode_token() {
|
fn decode_token() {
|
||||||
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.I1BvFoHe94AFf09O6tDbcSB8-jp8w6xZqmyHIwPeSdY";
|
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.I1BvFoHe94AFf09O6tDbcSB8-jp8w6xZqmyHIwPeSdY";
|
||||||
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
|
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
|
||||||
claims.unwrap();
|
claims.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -62,7 +62,7 @@ fn decode_token() {
|
||||||
#[should_panic(expected = "InvalidToken")]
|
#[should_panic(expected = "InvalidToken")]
|
||||||
fn decode_token_missing_parts() {
|
fn decode_token_missing_parts() {
|
||||||
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
|
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
|
||||||
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
|
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
|
||||||
claims.unwrap();
|
claims.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -70,7 +70,7 @@ fn decode_token_missing_parts() {
|
||||||
#[should_panic(expected = "InvalidSignature")]
|
#[should_panic(expected = "InvalidSignature")]
|
||||||
fn decode_token_invalid_signature() {
|
fn decode_token_invalid_signature() {
|
||||||
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.wrong";
|
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.wrong";
|
||||||
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
|
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
|
||||||
claims.unwrap();
|
claims.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -78,28 +78,28 @@ fn decode_token_invalid_signature() {
|
||||||
#[should_panic(expected = "WrongAlgorithmHeader")]
|
#[should_panic(expected = "WrongAlgorithmHeader")]
|
||||||
fn decode_token_wrong_algorithm() {
|
fn decode_token_wrong_algorithm() {
|
||||||
let token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.pKscJVk7-aHxfmQKlaZxh5uhuKhGMAa-1F5IX5mfUwI";
|
let token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUifQ.pKscJVk7-aHxfmQKlaZxh5uhuKhGMAa-1F5IX5mfUwI";
|
||||||
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
|
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
|
||||||
claims.unwrap();
|
claims.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn decode_token_with_bytes_secret() {
|
fn decode_token_with_bytes_secret() {
|
||||||
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiY29tcGFueSI6Ikdvb2dvbCJ9.27QxgG96vpX4akKNpD1YdRGHE3_u2X35wR3EHA2eCrs";
|
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiY29tcGFueSI6Ikdvb2dvbCJ9.27QxgG96vpX4akKNpD1YdRGHE3_u2X35wR3EHA2eCrs";
|
||||||
let claims = decode::<Claims>(token, b"\x01\x02\x03", Algorithm::HS256, Validation::default());
|
let claims = decode::<Claims>(token, b"\x01\x02\x03", Algorithm::HS256, &Validation::default());
|
||||||
assert!(claims.is_ok());
|
assert!(claims.is_ok());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn decode_token_with_shuffled_header_fields() {
|
fn decode_token_with_shuffled_header_fields() {
|
||||||
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.SEIZ4Jg46VGhquuwPYDLY5qHF8AkQczF14aXM3a2c28";
|
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.SEIZ4Jg46VGhquuwPYDLY5qHF8AkQczF14aXM3a2c28";
|
||||||
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation::default());
|
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation::default());
|
||||||
assert!(claims.is_ok());
|
assert!(claims.is_ok());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn decode_without_validating_signature() {
|
fn decode_without_validating_signature() {
|
||||||
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.S";
|
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.S";
|
||||||
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, Validation {validate_signature: false, ..Validation::default()});
|
let claims = decode::<Claims>(token, "secret".as_ref(), Algorithm::HS256, &Validation {validate_signature: false, ..Validation::default()});
|
||||||
assert!(claims.is_ok());
|
assert!(claims.is_ok());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,7 +26,7 @@ fn round_trip_claim() {
|
||||||
company: "ACME".to_string()
|
company: "ACME".to_string()
|
||||||
};
|
};
|
||||||
let token = encode(&Header::new(Algorithm::RS256), &my_claims, include_bytes!("private_rsa_key.der")).unwrap();
|
let token = encode(&Header::new(Algorithm::RS256), &my_claims, include_bytes!("private_rsa_key.der")).unwrap();
|
||||||
let token_data = decode::<Claims>(&token, include_bytes!("public_rsa_key.der"), Algorithm::RS256, Validation::default()).unwrap();
|
let token_data = decode::<Claims>(&token, include_bytes!("public_rsa_key.der"), Algorithm::RS256, &Validation::default()).unwrap();
|
||||||
assert_eq!(my_claims, token_data.claims);
|
assert_eq!(my_claims, token_data.claims);
|
||||||
assert!(token_data.header.kid.is_none());
|
assert!(token_data.header.kid.is_none());
|
||||||
}
|
}
|
||||||
|
|