Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conflict in validation::validate #51

Closed
fundon opened this issue Jun 13, 2018 · 1 comment
Closed

Conflict in validation::validate #51

fundon opened this issue Jun 13, 2018 · 1 comment

Comments

@fundon
Copy link

fundon commented Jun 13, 2018
edited

main.rs

extern crate jsonwebtoken;
#[macro_use]
extern crate serde_derive;
extern crate serde;
use jsonwebtoken::{decode, encode, Header, Validation};

#[derive(Debug, Serialize, Deserialize)]
struct Meta {
    id: i32,
}

fn main() {
    let v = Validation {
        leeway: 5,
        validate_exp: true,
        iss: Some("iss no check".to_string()),
        sub: Some("sub no check".to_string()),
        ..Validation::default()
    };

    let meta = Meta { id: 32 };

    let token = encode(&Header::default(), &meta, "secret".as_ref()).unwrap();

    println!("{:#?}", v);
    println!("{:}", token);

    if let Ok(new_meta) = decode::<Meta>(&token, "secret".as_ref(), &v) {
        println!("{}", "succed");
        println!("{:?}", new_meta);
    } else {
        println!("{}", "failed");
    }
}

output

Validation {
    leeway: 5,
    validate_exp: true,
    validate_iat: true,
    validate_nbf: true,
    aud: None,
    iss: Some(
        "iss no check"
    ),
    sub: Some(
        "sub no check"
    ),
    algorithms: [
        HS256
    ]
}
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MzJ9.BtzaL8AzJJtMOqPWZM2sSmOfTSje5osCILeWGEpWqBA
{
    "id": Number(
        32
    )
}
Validation {
    leeway: 5,
    validate_exp: true,
    validate_iat: true,
    validate_nbf: true,
    aud: None,
    iss: Some(
        "iss no check"
    ),
    sub: Some(
        "sub no check"
    ),
    algorithms: [
        HS256
    ]
}
succed
TokenData { header: Header { typ: Some("JWT"), alg: HS256, cty: None, jku: None, kid: None, x5u: None, x5t: None }, claims: Meta { id: 32 } }

From https://github.com/Keats/jsonwebtoken/blob/master/src/validation.rs#L121-L147

    if let Some(exp) = claims.get("exp") {
        if options.validate_exp && from_value::<i64>(exp.clone())? < now - options.leeway {
            return Err(ErrorKind::ExpiredSignature.into());
        }
    }

    if let Some(nbf) = claims.get("nbf") {
        if options.validate_nbf && from_value::<i64>(nbf.clone())? > now + options.leeway {
            return Err(ErrorKind::ImmatureSignature.into());
        }
    }

    if let Some(iss) = claims.get("iss") {
        if let Some(ref correct_iss) = options.iss {
            if from_value::<String>(iss.clone())? != *correct_iss {
                return Err(ErrorKind::InvalidIssuer.into());
            }
        }
    }

    if let Some(sub) = claims.get("sub") {
        if let Some(ref correct_sub) = options.sub {
            if from_value::<String>(sub.clone())? != *correct_sub {
                return Err(ErrorKind::InvalidSubject.into());
            }
        }
}

Should check options.validate_exp then echeck claims.get("exp"), the others are probably the same.
@Keats
Copy link
Owner

Keats commented Jul 25, 2018

Sorry, completely missed that issue. It should be fixed in the PR above and in the next release

@Keats Keats closed this as completed in 5528497 Aug 13, 2018
@Keats Keats mentioned this issue Nov 9, 2018
Closed
JadedBlueEyes referenced this issue in JadedBlueEyes/jsonwebtoken Apr 13, 2023
Fix validation not working properly
fcb1be9 
Close #51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fundon @Keats