Make Validation::algorithms an error if empty

2021-03-22 21:24:20 +01:00 · 2021-03-22 21:24:20 +01:00 · b6dafd63dd
parent fd2c314d3c
commit b6dafd63dd
5 changed files with 12 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,7 @@
 - `DecodingKey` now own its data
 - Remove deprecated `dangerous_unsafe_decode`
 - `Validation::iss` is now a `HashSet` instead of a single value
+- `decode` will now error if `Validation::algorithms` is empty

 ## 7.2.0 (2020-06-30)

--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "jsonwebtoken"
-version = "8.0.0-beta.1"
+version = "8.0.0-beta.2"
 authors = ["Vincent Prouillet <hello@vincentprouillet.com>"]
 license = "MIT"
 readme = "README.md"
--- a/src/decoding.rs
+++ b/src/decoding.rs
@ -154,6 +154,10 @@ pub fn verify_signature<'a>(
    key: &DecodingKey,
    validation: &Validation,
 ) -> Result<(Header, &'a str)> {
+    if validation.algorithms.is_empty() {
+        return Err(new_error(ErrorKind::MissingAlgorithm));
+    }
+
    for alg in &validation.algorithms {
        if key.family != alg.family() {
            return Err(new_error(ErrorKind::InvalidAlgorithm));
--- a/src/errors.rs
+++ b/src/errors.rs
@ -63,6 +63,8 @@ pub enum ErrorKind {
    /// When the algorithm in the header doesn't match the one passed to `decode` or the encoding/decoding key
    /// used doesn't match the alg requested
    InvalidAlgorithm,
+    /// When the Validation struct does not contain at least 1 algorithm
+    MissingAlgorithm,

    // 3rd party errors
    /// An error happened when decoding some base64 text
@ -84,6 +86,7 @@ impl StdError for Error {
            ErrorKind::RsaFailedSigning => None,
            ErrorKind::InvalidRsaKey(_) => None,
            ErrorKind::ExpiredSignature => None,
+            ErrorKind::MissingAlgorithm => None,
            ErrorKind::InvalidIssuer => None,
            ErrorKind::InvalidAudience => None,
            ErrorKind::InvalidSubject => None,
@ -107,6 +110,7 @@ impl fmt::Display for Error {
            | ErrorKind::InvalidEcdsaKey
            | ErrorKind::ExpiredSignature
            | ErrorKind::RsaFailedSigning
+            | ErrorKind::MissingAlgorithm
            | ErrorKind::InvalidIssuer
            | ErrorKind::InvalidAudience
            | ErrorKind::InvalidSubject
--- a/src/validation.rs
+++ b/src/validation.rs
@ -59,8 +59,8 @@ pub struct Validation {
    ///
    /// Defaults to `None`.
    pub sub: Option<String>,
-    /// If it contains a value, the validation will check that the `alg` of the header is contained
-    /// in the ones provided and will error otherwise.
+    /// The validation will check that the `alg` of the header is contained
+    /// in the ones provided and will error otherwise. Will error if it is empty.
    ///
    /// Defaults to `vec![Algorithm::HS256]`.
    pub algorithms: Vec<Algorithm>,