Fix NoMethodError when a 2 segment token is missing 'alg' header

jwt · Jul 15, 2022 · 0eb6e1f · 0eb6e1f
1 parent b79e4b5
commit 0eb6e1f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/lib/jwt/decode.rb b/lib/jwt/decode.rb
@@ -113,6 +113,8 @@ def segment_length
     end
 
     def none_algorithm?
+      return false unless algorithm.respond_to? :casecmp
+
       algorithm.casecmp('none').zero?
     end
 

diff --git a/spec/jwt_spec.rb b/spec/jwt_spec.rb
@@ -6,6 +6,7 @@
   let :data do
     data = {
       :empty_token => 'e30K.e30K.e30K',
+      :empty_token_2_segment => 'e30K.e30K.',
       :secret => 'My$ecretK3y',
       :rsa_private => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-private.pem'))),
       :rsa_public => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-public.pem'))),
@@ -537,6 +538,14 @@
             JWT.decode data[:empty_token]
           end.to raise_error JWT::IncorrectAlgorithm
         end
+
+        context '2-segment token' do
+          it 'should raise JWT::IncorrectAlgorithm' do
+            expect do
+              JWT.decode data[:empty_token_2_segment]
+            end.to raise_error JWT::DecodeError
+          end
+        end
       end
     end