Raise a JWT::DecodeError when token is not a String #439
Hello, @kalilz4485! This is your first Pull Request that will be reviewed by SourceLevel, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information. |
| class Decode | ||
| def initialize(jwt, key, verify, options, &keyfinder) | ||
| raise(JWT::DecodeError, 'Nil JSON web token') unless jwt | ||
| raise(JWT::DecodeError, "#{jwt.class} JSON web token") unless jwt.class == String |
JWT::Decode#initialize calls 'jwt.class' 2 times
SourceLevel has finished reviewing this Pull Request and has found:
| class Decode | ||
| def initialize(jwt, key, verify, options, &keyfinder) | ||
| raise(JWT::DecodeError, 'Nil JSON web token') unless jwt | ||
| raise(JWT::DecodeError, "#{jwt.class} JSON web token") unless jwt.class == String |
Would suggest using the Object#is_a? to check the type of the given parameter. The method also takes inheritance into consideration.
Also think it would solve the sourcelevel-bot whining.
I'm wondering if this could be just a
raise TypeError, "JSON web token is expected to be a String. #{jwt.class} given" unless jwt.is_a?(String)
Changing the type will introduce some backwards incompatibility, so maybe
raise JWT::DecodeError, "JSON web token is expected to be a String. #{jwt.class} given" unless jwt.is_a?(String)
| context 'when token is not a String' do | ||
| it 'raises JWT::DecodeError' do | ||
| expect { JWT.decode(nil, nil, true) }.to raise_error(JWT::DecodeError, 'NilClass JSON web token') | ||
| expect { JWT.decode(1, nil, true) }.to raise_error(JWT::DecodeError, 'Integer JSON web token') |
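Review bot: The second expectation hard-codes the class name in 'Integer JSON web token', but the message is built from jwt.class, and 1.class is Fixnum on Ruby versions before 2.4, so the assertion depends on the interpreter. Build the expected string from the value, for example "#{1.class} JSON web token", and consider splitting the nil and Integer cases into separate examples so a failure in the first does not hide the second.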
Integer is still Fixnum in some older rubies that the gem supports (See the failing tests)
Sent from my iPhone
… On August 22, 2021, at 1:29 AM, Joakim Antman ***@***.***> wrote:
@anakinj commented on this pull request.
In lib/jwt/decode.rb:
> @@ -9,7 +9,7 @@ module JWT
# Decoding logic for JWT
class Decode
def initialize(jwt, key, verify, options, &keyfinder)
- raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
+ raise(JWT::DecodeError, "#{jwt.class} JSON web token") unless jwt.class == String
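Review bot: Replacing the nil guard with the interpolated message changes what callers see for nil input: the removed line raised 'Nil JSON web token', while the added line produces 'NilClass JSON web token' because nil.class is NilClass. Anything matching on the old message breaks; keeping the original `unless jwt` line and adding the type check as a second line avoids that. The added check also compares jwt.class == String exactly, so an instance of a String subclass is rejected.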
I'm wondering if this could be just a raise TypeError, "JSON web token is expected to be a String #{jwt.class} given" unless jwt.is_a?(String)
Maybe to not break backwards compatibility:
raise JWT::DecodeError, "JSON web token is expected to be a String #{jwt.class} given" unless jwt.is_a?(String)
I'm going to close this one as stale. Please reopen or create a new one if work is still going to happen related to this.
Hello,
Currently when doing
You get a JWT::DecodeError (Nil JSON web token)
or
You get a JWT::DecodeError (Not enough or too many segments)
But we don't check for anything else than nil, everything else will supposedly fail at the .split in the initialize
e.g.
will give NoMethodError (undefined method 'split' for 3:Integer)
The only question is should this be the gem's responsibility to check that? And if yes should we do the same with the secret (gives a TypeError which is slightly better)
PR is as close as possible from previous code to return a JWT::DecodeError
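The failure mode described in this pull request, as an added example that is not code from the PR or from the jwt gem: a non-String token that reaches .split raises NoMethodError, which a caller rescuing only the decode error does not handle, while a type guard turns it into a decode error. Demo, DecodeError, the method names, the three-segment check and the sample inputs are constructed for illustration.

```ruby
# Added illustration; every name here is hypothetical, not the jwt gem's API.
module Demo
  class DecodeError < StandardError; end

  # Behaviour described in the PR: only nil is rejected up front, so any
  # other non-String reaches .split and raises NoMethodError.
  def self.unguarded_segments(token)
    raise DecodeError, 'Nil JSON web token' unless token
    split_segments(token)
  end

  # Type guard before any String method is called. is_a? accepts String
  # subclasses, which an exact `token.class == String` comparison rejects.
  def self.guarded_segments(token)
    unless token.is_a?(String)
      raise DecodeError, "JSON web token is expected to be a String. #{token.class} given"
    end
    split_segments(token)
  end

  # Simplified segment check (assumption: exactly three segments required).
  def self.split_segments(token)
    segments = token.split('.')
    raise DecodeError, 'Not enough or too many segments' unless segments.size == 3
    segments
  end

  # A caller that treats DecodeError as "reject the request", as an auth
  # layer would. :crashed marks an exception the caller did not plan for.
  def self.outcome(decoder, token)
    send(decoder, token)
    :accepted
  rescue DecodeError
    :rejected
  rescue NoMethodError
    :crashed
  end
end

class TaggedToken < String; end # constructed String subclass

# Constructed inputs: nil, wrong types, malformed string, well-formed strings.
[nil, 3, { 'a' => 1 }, 'abc', 'a.b.c', TaggedToken.new('a.b.c')].each do |input|
  puts format('%-14s unguarded=%-9s guarded=%s', input.inspect,
              Demo.outcome(:unguarded_segments, input),
              Demo.outcome(:guarded_segments, input))
end
```

With the guard, every malformed input ends in the same rescue path, so a service that maps the decode error to a rejected request does not leak an unhandled exception for tokens parsed from JSON bodies as numbers or objects.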