Don't allow empty or null claimName or null value for claim expectations.

Micah Silverman 2015-09-23 01:12:54 -04:00
parent f2e620e36b
commit 5ecaacde5a
2 changed files with 42 additions and 24 deletions


@ -103,9 +103,9 @@ public class DefaultJwtParser implements JwtParser {
@Override @Override
public JwtParser expect(String claimName, Object value) { public JwtParser expect(String claimName, Object value) {
if (claimName != null && claimName.length() > 0 && value != null) { Assert.hasText(claimName, "claim name cannot be null or empty.");
Assert.notNull(value, "The value cannot be null for claim name: " + claimName);
expectedClaims.put(claimName, value); expectedClaims.put(claimName, value);
}
return this; return this;
} }
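Review bot: The new precondition on `expect` is not documented anywhere in the visible lines, although callers that used to pass a null or empty argument now get an exception instead of a silently skipped expectation. I would add `@throws IllegalArgumentException if claimName is null or empty, or if value is null` to the method's Javadoc (or to the `JwtParser` interface declaration, which is outside this hunk). A one-line why-comment above the two asserts would also help, for example `// fail closed: a dropped expectation would let a token pass without the check the caller asked for`. If `Assert.hasText` also rejects whitespace-only names, as its name suggests, the message "claim name cannot be null or empty." understates the rule and could say "null, empty or blank".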


@ -727,7 +727,7 @@ class JwtParserTest {
} }
@Test @Test
void testParseExpectIgnoreNullClaimName() { void testParseExpectDontAllowNullClaimName() {
def expectedClaimValue = 'A Most Awesome Claim Value' def expectedClaimValue = 'A Most Awesome Claim Value'
byte[] key = randomKey() byte[] key = randomKey()
@ -737,16 +737,22 @@ class JwtParserTest {
setIssuer('Dummy'). setIssuer('Dummy').
compact() compact()
try {
// expecting null claim name, but with value // expecting null claim name, but with value
Jwt<Header, Claims> jwt = Jwts.parser().setSigningKey(key). Jwt<Header, Claims> jwt = Jwts.parser().setSigningKey(key).
expect(null, expectedClaimValue). expect(null, expectedClaimValue).
parseClaimsJws(compact) parseClaimsJws(compact)
fail()
assertEquals jwt.getBody().getIssuer(), 'Dummy' } catch (IllegalArgumentException e) {
assertEquals(
"claim name cannot be null or empty.",
e.getMessage()
)
}
} }
@Test @Test
void testParseExpectIgnoreEmptyClaimName() { void testParseExpectDontAllowEmptyClaimName() {
def expectedClaimValue = 'A Most Awesome Claim Value' def expectedClaimValue = 'A Most Awesome Claim Value'
byte[] key = randomKey() byte[] key = randomKey()
@ -756,16 +762,22 @@ class JwtParserTest {
setIssuer('Dummy'). setIssuer('Dummy').
compact() compact()
try {
// expecting null claim name, but with value // expecting null claim name, but with value
Jwt<Header, Claims> jwt = Jwts.parser().setSigningKey(key). Jwt<Header, Claims> jwt = Jwts.parser().setSigningKey(key).
expect("", expectedClaimValue). expect("", expectedClaimValue).
parseClaimsJws(compact) parseClaimsJws(compact)
fail()
assertEquals jwt.getBody().getIssuer(), 'Dummy' } catch (IllegalArgumentException e) {
assertEquals(
"claim name cannot be null or empty.",
e.getMessage()
)
}
} }
@Test @Test
void testParseExpectIgnoreNullClaimValue() { void testParseExpectDontAllowNullClaimValue() {
def expectedClaimName = 'A Most Awesome Claim Name' def expectedClaimName = 'A Most Awesome Claim Name'
byte[] key = randomKey() byte[] key = randomKey()
@ -775,12 +787,18 @@ class JwtParserTest {
setIssuer('Dummy'). setIssuer('Dummy').
compact() compact()
try {
// expecting claim name, but with null value // expecting claim name, but with null value
Jwt<Header, Claims> jwt = Jwts.parser().setSigningKey(key). Jwt<Header, Claims> jwt = Jwts.parser().setSigningKey(key).
expect(expectedClaimName, null). expect(expectedClaimName, null).
parseClaimsJws(compact) parseClaimsJws(compact)
fail()
assertEquals jwt.getBody().getIssuer(), 'Dummy' } catch (IllegalArgumentException e) {
assertEquals(
"The value cannot be null for claim name: " + expectedClaimName,
e.getMessage()
)
}
} }
@Test @Test
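Review bot: In `testParseExpectDontAllowEmptyClaimName` the comment still reads `// expecting null claim name, but with value` although the call is `expect("", expectedClaimValue)`; it should say `// expecting empty claim name, but with value`. In all three rewritten tests the `Jwt<Header, Claims> jwt =` assignment is no longer read now that the issuer assertion is gone, so the declaration can be dropped and the builder chain left as a bare statement. The exception appears to come from `expect(...)` itself rather than from `parseClaimsJws(compact)`, so a short comment saying that the parse call is never reached would make the intent of the `try` block clearer.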