ruby-jwt

Raise a JWT::DecodeError when token is not a String

Open kalilz4485 opened this issue 4 years ago • 3 comments

Hello,

Currently when doing

JWT.decode(nil, nil)

You get a JWT::DecodeError (Nil JSON web token)

or

JWT.decode('invalid', nil)

You get a JWT::DecodeError (Not enough or too many segments)

But we don't check for anything other than nil; everything else will supposedly fail at the .split in the initialize, e.g.

JWT.decode(10, nil)

will give NoMethodError (undefined method 'split' for 3:Integer)

The only question is: should this be the gem's responsibility to check that? And if yes, should we do the same with the secret (gives a TypeError, which is slightly better)?

PR is as close as possible to previous code to return a JWT::DecodeError

kalilz4485 avatar Aug 19 '21 10:08 kalilz4485
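
The failure mode described in the post above, as an added example that is not part of the original thread and is not ruby-jwt's own code: a caller that rescues only the decode error lets a NoMethodError escape when a JSON request body carries a non-String token. `TokenDemo`, its methods, the three-segment rule and the request bodies are assumptions made for illustration.

```ruby
require 'json'

# Stand-in module (hypothetical name); simplified, no signature verification.
module TokenDemo
  class DecodeError < StandardError; end

  # Behaviour described in the post: only nil is rejected before split.
  def self.segments_unguarded(jwt)
    raise DecodeError, 'Nil JSON web token' unless jwt

    segments = jwt.split('.')
    raise DecodeError, 'Not enough or too many segments' unless segments.size == 3

    segments
  end

  # Guarded variant: every non-String token becomes a DecodeError.
  def self.segments_guarded(jwt)
    raise DecodeError, 'Nil JSON web token' unless jwt
    raise DecodeError, "#{jwt.class} JSON web token" unless jwt.is_a?(String)

    segments_unguarded(jwt)
  end

  # Caller that rescues only DecodeError, as auth code commonly does.
  # :crashed marks an exception that would escape such a handler.
  def self.outcome(decoder, request_body)
    token = JSON.parse(request_body)['token']
    public_send(decoder, token)
    :well_formed
  rescue DecodeError
    :rejected
  rescue NoMethodError
    :crashed
  end
end

# Constructed request bodies: JSON lets a client send non-String tokens.
BODIES = ['{"token": 10}', '{"token": ["a", "b"]}', '{"token": {"x": 1}}',
          '{"token": "invalid"}', '{}'].freeze

if __FILE__ == $PROGRAM_NAME
  BODIES.each do |body|
    before = TokenDemo.outcome(:segments_unguarded, body)
    after = TokenDemo.outcome(:segments_guarded, body)
    puts format('%-24s unguarded=%-9s guarded=%s', body, before, after)
  end
end
```
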

Hello, @kalilz4485! This is your first Pull Request that will be reviewed by SourceLevel, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information.

sourcelevel-bot[bot] avatar Aug 19 '21 10:08 sourcelevel-bot[bot]

SourceLevel has finished reviewing this Pull Request and has found:

  • 1 possible new issue (including those that may have been commented here).

See more details about this review.

sourcelevel-bot[bot] avatar Aug 19 '21 10:08 sourcelevel-bot[bot]

Sent from my iPhone

On Aug 22, 2021, at 1:29 AM, Joakim Antman @.***> wrote:

 @anakinj commented on this pull request.

In lib/jwt/decode.rb:

@@ -9,7 +9,7 @@ module JWT

Decoding logic for JWT

class Decode def initialize(jwt, key, verify, options, &keyfinder)

  •  raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
    
  •  raise(JWT::DecodeError, "#{jwt.class} JSON web token") unless jwt.class == String
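
Review bot: The added guard compares `jwt.class == String`, which rejects String subclasses that would still respond to `split`; `jwt.is_a?(String)` is the usual check. The interpolated message also changes the nil case from 'Nil JSON web token' to 'NilClass JSON web token', which can break callers or specs that match the old text, so consider keeping the existing nil check and adding the type check as a second line after it.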
    

I'm wondering if this could be just a raise TypeError, "JSON web token is expected to be a String #{jwt.class} given" unless jwt.is_a?(String)

Maybe to not break backwards compatibility: raise JWT::DecodeError, "JSON web token is expected to be a String #{jwt.class} given" unless jwt.is_a?(String)


a0960909060 avatar Aug 21 '21 20:08 a0960909060