Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support verification of Long[] datatype like in JWTCreator #278

Merged
merged 3 commits into from
Feb 14, 2020
Merged

Support verification of Long[] datatype like in JWTCreator #278

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ba54e5b
Support verification of Long[] datatype like in JWTCreator
skjolber Aug 20, 2018
21ecf78
Add unit tests and handling of integer vs long datatypes
skjolber Jan 29, 2019
3b93ce1
Fix Javadoc
skjolber Feb 14, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 32 additions & 1 deletion lib/src/main/java/com/auth0/jwt/JWTVerifier.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,21 @@ public Verification withArrayClaim(String name, Integer... items) throws Illegal
requireClaim(name, items);
return this;
}

/**
* Require a specific Array Claim to contain at least the given items.
*
* @param name the Claim's name.
* @param items the items the Claim must contain.
* @return this same Verification instance.
* @throws IllegalArgumentException if the name is null.
*/
@Override
public Verification withArrayClaim(String name, Long ... items) throws IllegalArgumentException {
assertNonNull(name);
requireClaim(name, items);
return this;
}

@Override
public JWTVerifier build() {
Expand Down Expand Up @@ -310,7 +325,23 @@ private void assertValidClaim(Claim claim, String claimName, Object value) {
} else if (value instanceof Date) {
isValid = value.equals(claim.asDate());
} else if (value instanceof Object[]) {
List<Object> claimArr = Arrays.asList(claim.as(Object[].class));
List<Object> claimArr;
Object[] claimAsObject = claim.as(Object[].class);

// Jackson uses 'natural' mapping which uses Integer if value fits in 32 bits.
if(value instanceof Long[]) {
// convert Integers to Longs for comparison with equals
claimArr = new ArrayList<>(claimAsObject.length);
for(Object cao : claimAsObject) {
if(cao instanceof Integer) {
claimArr.add(((Integer)cao).longValue());
} else {
claimArr.add(cao);
}
}
} else {
claimArr = Arrays.asList(claim.as(Object[].class));
}
List<Object> valueArr = Arrays.asList((Object[]) value);
isValid = claimArr.containsAll(valueArr);
}
Expand Down
11 changes: 11 additions & 0 deletions lib/src/main/java/com/auth0/jwt/interfaces/Verification.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,17 @@ public interface Verification {
*/
Verification withArrayClaim(String name, Integer... items) throws IllegalArgumentException;

/**
* Require a specific Array Claim to contain at least the given items.
*
* @param name the Claim's name.
* @param items the items the Claim must contain.
* @return this same Verification instance.
* @throws IllegalArgumentException if the name is null.
*/

Verification withArrayClaim(String name, Long ... items) throws IllegalArgumentException;
lbalmaceda marked this conversation as resolved.
Show resolved Hide resolved

/**
* Skip the Issued At ("iat") date verification. By default, the verification is performed.
*/
Expand Down
32 changes: 32 additions & 0 deletions lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -326,6 +326,38 @@ public void shouldValidateCustomArrayClaimOfTypeInteger() throws Exception {
assertThat(jwt, is(notNullValue()));
}

@Test
public void shouldValidateCustomArrayClaimOfTypeLong() throws Exception {
String token = "eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjpbNTAwMDAwMDAwMDAxLDUwMDAwMDAwMDAwMiw1MDAwMDAwMDAwMDNdfQ.vzV7S0gbV9ZAVxChuIt4XZuSVTxMH536rFmoHzxmayM";
DecodedJWT jwt = JWTVerifier.init(Algorithm.HMAC256("secret"))
.withArrayClaim("name", 500000000001L, 500000000002L, 500000000003L)
.build()
.verify(token);

assertThat(jwt, is(notNullValue()));
}

@Test
public void shouldValidateCustomArrayClaimOfTypeLongWhenValueIsInteger() throws Exception {
String token = "eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjpbMSwyLDNdfQ.UEuMKRQYrzKAiPpPLhIVawWkKWA1zj0_GderrWUIyFE";
DecodedJWT jwt = JWTVerifier.init(Algorithm.HMAC256("secret"))
.withArrayClaim("name", 1L, 2L, 3L)
.build()
.verify(token);

assertThat(jwt, is(notNullValue()));
}

@Test
public void shouldValidateCustomArrayClaimOfTypeLongWhenValueIsIntegerAndLong() throws Exception {
String token = "eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjpbMSw1MDAwMDAwMDAwMDIsNTAwMDAwMDAwMDAzXX0.PQjb2rPPpYjM2sItZEzZcjS2YbfPCp6xksTSPjpjTQA";
DecodedJWT jwt = JWTVerifier.init(Algorithm.HMAC256("secret"))
.withArrayClaim("name", 1L, 500000000002L, 500000000003L)
.build()
.verify(token);

assertThat(jwt, is(notNullValue()));
}
// Generic Delta
@SuppressWarnings("RedundantCast")
@Test
Expand Down