Add new function and tests (#138)
Co-authored-by: Vincent Prouillet <balthek@gmail.com>
parent
6262b4700b
commit
64f276c814
|
@ -206,12 +206,51 @@ pub fn dangerous_insecure_decode<T: DeserializeOwned>(token: &str) -> Result<Tok
|
|||
Ok(TokenData { header, claims: decoded_claims })
|
||||
}
|
||||
|
||||
/// Decode and validate a JWT without any signature verification.
|
||||
///
|
||||
/// If the token is invalid or the claims fail validation, it will return an error.
|
||||
///
|
||||
/// NOTE: Do not use this unless you know what you are doing! If the token's signature is invalid, it will *not* return an error.
|
||||
///
|
||||
/// ```rust
|
||||
/// use serde::{Deserialize, Serialize};
|
||||
/// use jsonwebtoken::{dangerous_insecure_decode_with_validation, Validation, Algorithm};
|
||||
///
|
||||
/// #[derive(Debug, Serialize, Deserialize)]
|
||||
/// struct Claims {
|
||||
/// sub: String,
|
||||
/// company: String
|
||||
/// }
|
||||
///
|
||||
/// let token = "a.jwt.token";
|
||||
/// // Claims is a struct that implements Deserialize
|
||||
/// let token_message = dangerous_insecure_decode_with_validation::<Claims>(&token, &Validation::new(Algorithm::HS256));
|
||||
/// ```
|
||||
pub fn dangerous_insecure_decode_with_validation<T: DeserializeOwned>(
|
||||
token: &str,
|
||||
validation: &Validation,
|
||||
) -> Result<TokenData<T>> {
|
||||
let (_, message) = expect_two!(token.rsplitn(2, '.'));
|
||||
let (claims, header) = expect_two!(message.rsplitn(2, '.'));
|
||||
let header = Header::from_encoded(header)?;
|
||||
|
||||
if !validation.algorithms.contains(&header.alg) {
|
||||
return Err(new_error(ErrorKind::InvalidAlgorithm));
|
||||
}
|
||||
|
||||
let (decoded_claims, claims_map): (T, _) = from_jwt_part_claims(claims)?;
|
||||
validate(&claims_map, validation)?;
|
||||
|
||||
Ok(TokenData { header, claims: decoded_claims })
|
||||
}
|
||||
|
||||
/// Decode a JWT without any signature verification/validations. DEPRECATED.
|
||||
#[deprecated(
|
||||
note = "This function has been renamed to `dangerous_insecure_decode` and will be removed in a later version."
|
||||
)]
|
||||
pub fn dangerous_unsafe_decode<T: DeserializeOwned>(token: &str) -> Result<TokenData<T>> {
|
||||
dangerous_insecure_decode(token)
|
||||
|
||||
}
|
||||
|
||||
/// Decode a JWT without any signature verification/validations and return its [Header](struct.Header.html).
|
||||
|
|
|
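Review bot: The doc comment on `dangerous_insecure_decode_with_validation` understates the risk: both the `validation.algorithms.contains(&header.alg)` check and `validate(&claims_map, validation)` run on a header and claims that were never authenticated, so a passing result says nothing about who produced the token. The signature segment is bound to `_` in `let (_, message) = expect_two!(...)` and dropped, which leaves `alg`, `exp` and every other validated claim as whatever the sender wrote. I would replace the NOTE line with `/// NOTE: the header and claims are NOT authenticated. A passing validation only means the unverified values are well-formed; do not base an authorization decision on the result unless the signature was verified elsewhere.` A `# Errors` section naming `InvalidToken`, `InvalidAlgorithm` and the claim-validation errors would also help callers.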
@ -17,7 +17,7 @@ mod validation;
|
|||
|
||||
pub use algorithms::Algorithm;
|
||||
pub use decoding::{
|
||||
dangerous_insecure_decode, dangerous_unsafe_decode, decode, decode_header, DecodingKey,
|
||||
dangerous_insecure_decode_with_validation, dangerous_insecure_decode, dangerous_unsafe_decode, decode, decode_header, DecodingKey,
|
||||
TokenData,
|
||||
};
|
||||
pub use encoding::{encode, EncodingKey};
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
use chrono::Utc;
|
||||
use jsonwebtoken::dangerous_insecure_decode_with_validation;
|
||||
use jsonwebtoken::{
|
||||
crypto::{sign, verify},
|
||||
dangerous_insecure_decode, decode, decode_header, encode, Algorithm, DecodingKey, EncodingKey,
|
||||
|
@ -158,3 +159,33 @@ fn dangerous_insecure_decode_token_wrong_algorithm() {
|
|||
let claims = dangerous_insecure_decode::<Claims>(token);
|
||||
claims.unwrap();
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn dangerous_insecure_decode_token_with_validation() {
|
||||
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjI1MzI1MjQ4OTF9.9r56oF7ZliOBlOAyiOFperTGxBtPykRQiWNFxhDCW98";
|
||||
let claims = dangerous_insecure_decode_with_validation::<Claims>(token, &Validation::default());
|
||||
claims.unwrap();
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[should_panic(expected = "InvalidToken")]
|
||||
fn dangerous_insecure_decode_token_with_validation_missing_parts() {
|
||||
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
|
||||
let claims = dangerous_insecure_decode_with_validation::<Claims>(token, &Validation::default());
|
||||
claims.unwrap();
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn dangerous_insecure_decode_token_with_validation_invalid_signature() {
|
||||
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjI1MzI1MjQ4OTF9.wrong";
|
||||
let claims = dangerous_insecure_decode_with_validation::<Claims>(token, &Validation::default());
|
||||
claims.unwrap();
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[should_panic(expected = "InvalidAlgorithm")]
|
||||
fn dangerous_insecure_decode_token_with_validation_wrong_algorithm() {
|
||||
let token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjI1MzI1MjQ4OTF9.fLxey-hxAKX5rNHHIx1_Ch0KmrbiuoakDVbsJjLWrx8fbjKjrPuWMYEJzTU3SBnYgnZokC-wqSdqckXUOunC-g";
|
||||
let claims = dangerous_insecure_decode_with_validation::<Claims>(token, &Validation::default());
|
||||
claims.unwrap();
|
||||
}
|
||||
|
|
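Review bot: None of the new tests exercises the claim-validation path, which is the only thing separating this function from `dangerous_insecure_decode`: every token here carries `exp` 2532524891, so the `validate(...)` call could be dropped and the suite would still pass. I would add a case with an expired `exp` that expects `ExpiredSignature`, as sketched below; the `Claims` field layout is assumed from the token payloads, since the struct is declared outside these hunks. Separately, the new `use jsonwebtoken::dangerous_insecure_decode_with_validation;` line could be folded into the existing `use jsonwebtoken::{...}` group.

```rust
#[test]
#[should_panic(expected = "ExpiredSignature")]
fn dangerous_insecure_decode_token_with_validation_expired() {
    // Field names and types assumed from the payloads used in the other tests.
    let my_claims = Claims {
        sub: "b@b.com".to_string(),
        company: "ACME".to_string(),
        exp: Utc::now().timestamp() - 10000,
    };
    let token =
        encode(&Header::default(), &my_claims, &EncodingKey::from_secret(b"secret")).unwrap();
    let claims = dangerous_insecure_decode_with_validation::<Claims>(&token, &Validation::default());
    claims.unwrap();
}
```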