see #9 Merge branch 'master' of https://github.com/ShaneKilkelly/clj-jwt into ShaneKilkelly-master

2014-09-15 23:17:17 +09:00 · 2014-09-15 23:17:17 +09:00 · 9da81ace39
commit 9da81ace39
parent 289a9901f7 d07210c4d1
2 changed files with 6 additions and 1 deletions
--- a/src/clj_jwt/core.clj
+++ b/src/clj_jwt/core.clj
@ -69,6 +69,9 @@
    ([this key]
     (let [alg (-> this :header :alg keyword)]
       (cond
+         (and (= :none alg) (not (= "" key)))
+         false
+
         (= :none alg) (= "" (:signature this))

         (supported-algorithm? alg)
@ -88,4 +91,3 @@
    (->JWT (encoded-json->map header)
           (encoded-json->map claims)
           (or signature ""))))
-
--- a/test/clj_jwt/core_test.clj
+++ b/test/clj_jwt/core_test.clj
@ -98,16 +98,19 @@
  (fact "HS256 signed JWT should be verified."
    (-> claim jwt (sign "foo") (verify "foo"))                 => true
    (-> claim jwt (sign "foo") to-str str->jwt (verify "foo")) => true
+    (-> claim jwt              to-str str->jwt (verify "foo")) => false
    (-> claim jwt (sign "foo") (verify "bar"))                 => false)

  (fact "HS384 signed JWT should be verified."
    (-> claim jwt (sign :HS384 "foo") (verify "foo"))                 => true
    (-> claim jwt (sign :HS384 "foo") to-str str->jwt (verify "foo")) => true
+    (-> claim jwt                     to-str str->jwt (verify "foo")) => false
    (-> claim jwt (sign :HS384 "foo") (verify "bar"))                 => false)

  (fact "HS512 signed JWT should be verified."
    (-> claim jwt (sign :HS512 "foo") (verify "foo"))                 => true
    (-> claim jwt (sign :HS512 "foo") to-str str->jwt (verify "foo")) => true
+    (-> claim jwt                     to-str str->jwt (verify "foo")) => false
    (-> claim jwt (sign :HS512 "foo") (verify "bar"))                 => false)

  (fact "RS256 signed JWT should be verified."