Remove validate_signature option and add decode_header
parent
01d6b906e0
commit
d213fb8a62
|
@ -1,5 +1,13 @@
|
|||
# Changelog
|
||||
|
||||
## 3.0.0 (unreleased)
|
||||
|
||||
### Breaking change
|
||||
- Remove `validate_signature` from `Validation`
|
||||
|
||||
### Other
|
||||
- Add `decode_header` to only decode the header: replaces the use case of `validate_signature`
|
||||
|
||||
## 2.0.3 (2017-07-18)
|
||||
|
||||
- Make `TokenData` public
|
||||
|
|
22
src/lib.rs
22
src/lib.rs
|
@ -22,7 +22,7 @@ mod crypto;
|
|||
mod serialization;
|
||||
mod validation;
|
||||
|
||||
pub use header::{Header};
|
||||
pub use header::Header;
|
||||
pub use crypto::{
|
||||
Algorithm,
|
||||
sign,
|
||||
|
@ -107,7 +107,7 @@ pub fn decode<T: DeserializeOwned>(token: &str, key: &[u8], validation: &Validat
|
|||
let (claims, header) = expect_two!(signing_input.rsplitn(2, '.'));
|
||||
let header: Header = from_jwt_part(header)?;
|
||||
|
||||
if validation.validate_signature && !verify(signature, signing_input, key, header.alg)? {
|
||||
if !verify(signature, signing_input, key, header.alg)? {
|
||||
return Err(ErrorKind::InvalidSignature.into());
|
||||
}
|
||||
|
||||
|
@ -123,3 +123,21 @@ pub fn decode<T: DeserializeOwned>(token: &str, key: &[u8], validation: &Validat
|
|||
|
||||
Ok(TokenData { header: header, claims: decoded_claims })
|
||||
}
|
||||
|
||||
/// Decode a token and return the Header. This is not doing any kind of validation: it is meant to be
|
||||
/// used when you don't know which `alg` the token is using and want to check
|
||||
///
|
||||
/// If the token is invalid, it will return an error.
|
||||
///
|
||||
/// ```rust,ignore
|
||||
/// use jsonwebtoken::decode_header;
|
||||
///
|
||||
///
|
||||
/// let token = "a.jwt.token".to_string();
|
||||
/// let header = decode_header(&token);
|
||||
/// ```
|
||||
pub fn decode_header(token: &str) -> Result<Header> {
|
||||
let (_, signing_input) = expect_two!(token.rsplitn(2, '.'));
|
||||
let (_, header) = expect_two!(signing_input.rsplitn(2, '.'));
|
||||
from_jwt_part(header)
|
||||
}
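Review bot: The doc comment on `decode_header` trails off mid-sentence at `and want to check`, and it does not say what the caller may safely do with the result: the header is parsed from the token before any signature verification, so `alg` (and a `kid`, if the header carries one) are attacker-controlled values that should only be used to choose which key and algorithm to pass to `decode`, never to decide whether verification happens. I would finish the sentence as `/// used when you don't know which `alg` the token is using and want to check it before picking the key.` and add a line stating that the returned header is unverified input. The example's `"a.jwt.token".to_string()` followed by `decode_header(&token)` works, but a `&str` literal would do since the function takes `&str`. The `verify` call in `decode` that consumes `header.alg` sits in the previous hunk and is unchanged apart from dropping the `validate_signature` guard.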
|
||||
|
|
|
@ -32,12 +32,6 @@ pub struct Validation {
|
|||
///
|
||||
/// Defaults to `0`.
|
||||
pub leeway: i64,
|
||||
/// Whether to actually validate the signature of the token.
|
||||
///
|
||||
/// WARNING: only set that to false if you know what you are doing.
|
||||
///
|
||||
/// Defaults to `true`.
|
||||
pub validate_signature: bool,
|
||||
/// Whether to validate the `exp` field.
|
||||
///
|
||||
/// It will return an error if the time in the `exp` field is past.
|
||||
|
@ -93,8 +87,6 @@ impl Default for Validation {
|
|||
Validation {
|
||||
leeway: 0,
|
||||
|
||||
validate_signature: true,
|
||||
|
||||
validate_exp: true,
|
||||
validate_iat: true,
|
||||
validate_nbf: true,
|
||||
|
|
|
@ -2,7 +2,7 @@ extern crate jsonwebtoken;
|
|||
#[macro_use]
|
||||
extern crate serde_derive;
|
||||
|
||||
use jsonwebtoken::{encode, decode, Algorithm, Header, sign, verify, Validation};
|
||||
use jsonwebtoken::{encode, decode, decode_header, Algorithm, Header, sign, verify, Validation};
|
||||
|
||||
|
||||
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
|
||||
|
@ -97,9 +97,9 @@ fn decode_token_with_shuffled_header_fields() {
|
|||
}
|
||||
|
||||
#[test]
|
||||
fn decode_without_validating_signature() {
|
||||
fn decode_header_only() {
|
||||
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55IjoiMTIzNDU2Nzg5MCIsInN1YiI6IkpvaG4gRG9lIn0.S";
|
||||
let claims = decode::<Claims>(token, "secret".as_ref(), &Validation {validate_signature: false, ..Validation::default()});
|
||||
assert!(claims.is_ok());
|
||||
let header = decode_header(token).unwrap();
|
||||
assert_eq!(header.alg, Algorithm::HS256);
|
||||
|
||||
}
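Review bot: With `decode_without_validating_signature` replaced by `decode_header_only`, this hunk no longer has a test showing that `decode` rejects the token whose signature is the single character `S`, even though unconditional verification is the behavioural change this commit makes in `src/lib.rs`. Unless a negative-signature test exists outside this hunk, add `assert!(decode::<Claims>(token, "secret".as_ref(), &Validation::default()).is_err());` to `decode_header_only` so the header-only path and the rejection path are pinned together. The enclosing test module continues outside the hunk.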
|
||||
|
|