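--- a/lib/jwt.rb
+++ b/lib/jwt.rb
@@ -39,23 +39,25 @@
 end
 def decode_verify_signature(key, header, payload, signature, signing_input, options, &keyfinder)
 algo, key = signature_algorithm_and_key(header, payload, key, &keyfinder)
-raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') unless options[:algorithm]
-raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless algo == options[:algorithm]
+raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms(options).empty?
+raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless allowed_algorithms(options).include?(algo)
 Signature.verify(algo, key, signing_input, signature)
 end
 def signature_algorithm_and_key(header, payload, key, &keyfinder)
-if keyfinder
-key = if keyfinder.arity == 2
-yield(header, payload)
-else
-yield(header)
-end
-raise JWT::DecodeError, 'No verification key available' unless key
-end
+key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header)) if keyfinder
+raise JWT::DecodeError, 'No verification key available' unless key
 [header['alg'], key]
+end
+
+def allowed_algorithms(options)
+if options.key?(:algorithm)
+[options[:algorithm]]
+else
+options[:algorithms] || []
+end
 end
 end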
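Review bot: `allowed_algorithms` hands `options[:algorithms]` back without normalising it, so the `include?(algo)` check in `decode_verify_signature` is only a list-membership test when the caller actually passes an Array; a String such as `algorithms: 'HS256'` turns it into a substring match against the attacker-controlled header `alg`, and an explicit `algorithm: nil` yields `[nil]`, which is non-empty (so the "must be specified" guard no longer fires) and matches a token whose header omits `alg`. Coercing and compacting in the new method closes both cases: `[options[:algorithm]].compact` and `Array(options[:algorithms]).compact`; whether `Signature.verify` would itself reject a nil or unknown `algo` is not visible in this hunk. The list is also computed twice in `decode_verify_signature`; assigning it once to a local keeps the two checks in agreement. Note too that the `'No verification key available'` raise in `signature_algorithm_and_key` is now outside the `if keyfinder` and so applies when no keyfinder is given and `key` is nil, which presumably is intended but is a behaviour change worth a comment such as `# A key is mandatory on the verify path whether or not a keyfinder supplied it`.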