From b3663e90c62efc31050a4b062eda7abf2b339425 Mon Sep 17 00:00:00 2001 From: Vincent Prouillet Date: Mon, 2 Nov 2015 21:22:21 +0000 Subject: [PATCH] Uncomment alg comparison --- README.md | 5 +++-- src/errors.rs | 3 ++- src/lib.rs | 9 +++++---- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 8048d44..bb93808 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ In addition to the normal base64/json decoding errors, `decode` can return two c - **InvalidToken**: if the token is not a valid JWT - **InvalidSignature**: if the signature doesn't match +- **WrongAlgorithmHeader**: if the alg in the header doesn't match the one given to decode ## Algorithms Right now, only SHA256 is supported. @@ -36,6 +37,6 @@ The header is currently not customisable and therefore does not support things l On my thinkpad 440s for a 2 claims struct: ``` -test tests::bench_decode ... bench: 5,578 ns/iter (+/- 307) -test tests::bench_encode ... bench: 3,542 ns/iter (+/- 416) +test bench_decode ... bench: 7,106 ns/iter (+/- 5,354) +test bench_encode ... bench: 3,453 ns/iter (+/- 140) ``` diff --git a/src/errors.rs b/src/errors.rs index 71e0271..a41007b 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -12,7 +12,8 @@ pub enum Error { Utf8(string::FromUtf8Error), InvalidToken, - InvalidSignature + InvalidSignature, + WrongAlgorithmHeader } macro_rules! impl_from_error { diff --git a/src/lib.rs b/src/lib.rs index 9cb3740..a692f73 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -115,10 +115,11 @@ pub fn decode(token: String, secret: String, algorithm: Algorithm) -> R return Err(Error::InvalidSignature); } - // let header = try!(Header::from_base64(parts[0].to_owned())); - // if header.alg != algorithm.to_string() { - // return Err(Error::InvalidToken); - // } + // not reachable right now + let header = try!(Header::from_base64(parts[0].to_owned())); + if header.alg != algorithm.to_string() { + return Err(Error::WrongAlgorithmHeader); + } let claims: T = try!(T::from_base64(parts[1].to_owned())); Ok(claims)