upstream fix for security vulnerability from form3tech-oss/jwt-go fork #40

Merged
merged 1 commit into from Jul 30, 2021
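--- a/map_claims.go
+++ b/map_claims.go
@@ -34,27 +34,35 @@ func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
 // Compares the exp claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
-switch exp := m["exp"].(type) {
+exp, ok := m["exp"]
+if !ok {
+return !req
+}
+switch expType := exp.(type) {
 case float64:
-return verifyExp(int64(exp), cmp, req)
+return verifyExp(int64(expType), cmp, req)
 case json.Number:
-v, _ := exp.Int64()
+v, _ := expType.Int64()
 return verifyExp(v, cmp, req)
 }
-return !req
+return false
 }
 
 // Compares the iat claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
-switch iat := m["iat"].(type) {
+iat, ok := m["iat"]
+if !ok {
+return !req
+}
+switch iatType := iat.(type) {
 case float64:
-return verifyIat(int64(iat), cmp, req)
+return verifyIat(int64(iatType), cmp, req)
 case json.Number:
-v, _ := iat.Int64()
+v, _ := iatType.Int64()
 return verifyIat(v, cmp, req)
 }
-return !req
+return false
 }
 
 // Compares the iss claim against cmp.
@@ -67,14 +75,18 @@ func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
 // Compares the nbf claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
-switch nbf := m["nbf"].(type) {
+nbf, ok := m["nbf"]
+if !ok {
+return !req
+}
+switch nbfType := nbf.(type) {
 case float64:
-return verifyNbf(int64(nbf), cmp, req)
+return verifyNbf(int64(nbfType), cmp, req)
 case json.Number:
-v, _ := nbf.Int64()
+v, _ := nbfType.Int64()
 return verifyNbf(v, cmp, req)
 }
-return !req
+return false
 }
 
 // Validates time based claims "exp, iat, nbf".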
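Review bot: The `json.Number` branches still discard the conversion error (`v, _ := expType.Int64()`, and likewise for `iatType` and `nbfType`), so a number that does not parse as an int64 is passed to the verify helper as whatever `Int64()` returned alongside the error instead of being rejected. That leaves a malformed-value path next to the wrong-type path this change closes; how `verifyExp`, `verifyIat` and `verifyNbf` treat such a value is not visible here, so the effect should be confirmed. Failing closed would match the new `return false`: `v, err := expType.Int64()` followed by `if err != nil { return false }` in each of the three methods. The doc comments above each method should also state that a claim present with an unsupported type now fails even when `req` is false.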
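--- a/map_claims_test.go
+++ b/map_claims_test.go
@@ -66,3 +66,37 @@ func TestVerifyAud(t *testing.T) {
 })
 }
 }
+
+func TestMapclaimsVerifyIssuedAtInvalidTypeString(t *testing.T) {
+mapClaims := MapClaims{
+"iat": "foo",
+}
+want := false
+got := mapClaims.VerifyIssuedAt(0, false)
+if want != got {
+t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+}
+}
+
+func TestMapclaimsVerifyNotBeforeInvalidTypeString(t *testing.T) {
+mapClaims := MapClaims{
+"nbf": "foo",
+}
+want := false
+got := mapClaims.VerifyNotBefore(0, false)
+if want != got {
+t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+}
+}
+
+func TestMapclaimsVerifyExpiresAtInvalidTypeString(t *testing.T) {
+mapClaims := MapClaims{
+"exp": "foo",
+}
+want := false
+got := mapClaims.VerifyExpiresAt(0, false)
+
+if want != got {
+t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+}
+}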
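Review bot: All three tests exercise only a string-typed claim with `req` set to false, so the new `if !ok { return !req }` branch and the `req == true` path are not covered. Cases for an absent claim with both values of `req`, and for a key present with a nil value (which, going by the type switch in map_claims.go, would now reach `return false`), would pin the behaviour the fix intends. The failure message `Failed to verify claims` reads as if verification was expected to succeed; wording such as `VerifyExpiresAt with non-numeric exp: want %v, got %v` would make a failure easier to interpret.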