Raise a JWT::DecodeError when token is not a String #439
Hello, @kalilz4485! This is your first Pull Request that will be reviewed by SourceLevel, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information.
@@ -9,7 +9,7 @@ module JWT | |||
# Decoding logic for JWT | |||
class Decode | |||
def initialize(jwt, key, verify, options, &keyfinder) | |||
raise(JWT::DecodeError, 'Nil JSON web token') unless jwt | |||
raise(JWT::DecodeError, "#{jwt.class} JSON web token") unless jwt.class == String |
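Review bot: on the changed raise line, `jwt.class == String` is an exact-class comparison, so an instance of a String subclass would be rejected with JWT::DecodeError even though `.split` works on it. `unless jwt.is_a?(String)` accepts subclasses and leaves `jwt.class` evaluated only once, for the message.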
JWT::Decode#initialize calls 'jwt.class' 2 times
SourceLevel has finished reviewing this Pull Request and has found:
@@ -9,7 +9,7 @@ module JWT | |||
# Decoding logic for JWT | |||
class Decode | |||
def initialize(jwt, key, verify, options, &keyfinder) | |||
raise(JWT::DecodeError, 'Nil JSON web token') unless jwt | |||
raise(JWT::DecodeError, "#{jwt.class} JSON web token") unless jwt.class == String |
Would suggest using the Object#is_a? to check the type of the given parameter. The method also takes inheritance into consideration.
Also think it would solve the sourcelevel-bot whining.
I'm wondering if this could be just a
raise TypeError, "JSON web token is expected to be a String. #{jwt.class} given" unless jwt.is_a?(String)
Changing the type will introduce some backwards incompatibility, so maybe
raise JWT::DecodeError, "JSON web token is expected to be a String. #{jwt.class} given" unless jwt.is_a?(String)
context 'when token is not a String' do | ||
it 'raises JWT::DecodeError' do | ||
expect { JWT.decode(nil, nil, true) }.to raise_error(JWT::DecodeError, 'NilClass JSON web token') | ||
expect { JWT.decode(1, nil, true) }.to raise_error(JWT::DecodeError, 'Integer JSON web token') |
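Review bot: both expectations sit in one example, so a failure on the nil case hides the result for the Integer case; split them into separate `it` blocks. The literal 'Integer JSON web token' also ties the spec to one class name while the message is built from `jwt.class`, so build the expected text from `1.class`, and add a case for a non-nil, non-numeric input such as an Array or a Hash.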
Integer is still Fixnum in some older rubies that the gem supports (See the failing tests)
Sent from my iPhone
… Joakim Antman ***@***.***> wrote on August 22, 2021 at 1:29 AM:
@anakinj commented on this pull request.
In lib/jwt/decode.rb:
> @@ -9,7 +9,7 @@ module JWT
# Decoding logic for JWT
class Decode
def initialize(jwt, key, verify, options, &keyfinder)
- raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
+ raise(JWT::DecodeError, "#{jwt.class} JSON web token") unless jwt.class == String
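Review bot: the replaced line changes the error text for a nil token from 'Nil JSON web token' to 'NilClass JSON web token', because the new message interpolates `jwt.class`. Callers or specs that match on the old message will break, so either keep the nil guard ahead of the type check or call out the message change in the changelog.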
I'm wondering if this could be just a raise TypeError, "JSON web token is expected to be a String #{jwt.class} given" unless jwt.is_a?(String)
Maybe to not break backwards compatibility:
raise JWT::DecodeError, "JSON web token is expected to be a String #{jwt.class} given" unless jwt.is_a?(String)
Hello,
Currently when doing
You get a
JWT::DecodeError (Nil JSON web token)
or
You get a
JWT::DecodeError (Not enough or too many segments)
But we don't check for anything else than nil, everything else will supposedly fail at the .split in the initialize
e.g.
will give
NoMethodError (undefined method 'split' for 3:Integer)
The only question is should this be the gem's responsibility to check that? And if yes should we do the same with the secret (gives a TypeError which is slightly better)
PR is as close as possible from previous code to return a JWT::DecodeError
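An added illustration, not code from the gem or from this PR, of the failure mode the description refers to: a caller that rescues only the decode error sees an unhandled NoMethodError for non-String input until the type guard is in place. `TokenDecodeError`, `segments_unguarded`, `segments_guarded`, `authenticate`, the three-segment rule and the sample inputs are hypothetical stand-ins.

```ruby
# Added illustration with stand-in names; not the gem's code.
class TokenDecodeError < StandardError; end

# Before: only nil is rejected, anything else reaches .split.
def segments_unguarded(token)
  raise TokenDecodeError, 'Nil JSON web token' unless token

  parts = token.split('.')
  # Assumption for this sketch: exactly three segments are required.
  raise TokenDecodeError, 'Not enough or too many segments' unless parts.length == 3

  parts
end

# After: every non-String input is rejected with the decode error.
def segments_guarded(token)
  unless token.is_a?(String)
    raise TokenDecodeError, "JSON web token is expected to be a String. #{token.class} given"
  end

  parts = token.split('.')
  raise TokenDecodeError, 'Not enough or too many segments' unless parts.length == 3

  parts
end

# Hypothetical caller that treats only the decode error as "bad token".
def authenticate(token, splitter)
  send(splitter, token)
  :ok
rescue TokenDecodeError
  :unauthorized
end

# Constructed inputs: values a request parser may hand over instead of a String.
SAMPLES = [nil, 3, ['a.b.c'], { 'x' => 'y' }, 'a.b', 'a.b.c'].freeze

# Record what the caller sees for each sample, including escaped exceptions.
def outcomes(splitter)
  SAMPLES.map do |token|
    begin
      authenticate(token, splitter)
    rescue NoMethodError => e
      "unhandled #{e.class}"
    end
  end
end
```

Comparing `outcomes(:segments_unguarded)` with `outcomes(:segments_guarded)` shows the Integer, Array and Hash inputs moving from an escaped exception to the same rejection path as a malformed String.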