receive Audience as List instead of an Array.

lbalmaceda · lbalmaceda · commit 38d2ce252d3d · 2016-11-21T15:20:17.000-03:00
diff --git a/README.md b/README.md
@@ -206,10 +206,10 @@ String subject = jwt.getSubject();
 
 #### Audience ("aud")
 
-Returns the Audience value in or null if it's not defined in the Payload.
+Returns the Audience value or null if it's not defined in the Payload.
 
 ```java
-String[] audience = jwt.getAudience();
+List<String> audience = jwt.getAudience();
 ```
 
 #### Expiration Time ("exp")
diff --git a/lib/src/main/java/com/auth0/jwt/JWT.java b/lib/src/main/java/com/auth0/jwt/JWT.java
@@ -5,6 +5,7 @@
 import com.auth0.jwt.interfaces.Claim;
 
 import java.util.Date;
+import java.util.List;
 
 public final class JWT implements com.auth0.jwt.interfaces.JWT {
 
@@ -62,7 +63,7 @@ public String getSubject() {
     }
 
     @Override
-    public String[] getAudience() {
+    public List<String> getAudience() {
         return jwt.getAudience();
     }
 
diff --git a/lib/src/main/java/com/auth0/jwt/JWTDecoder.java b/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
@@ -10,6 +10,7 @@
 import org.apache.commons.codec.binary.StringUtils;
 
 import java.util.Date;
+import java.util.List;
 
 /**
  * The JWTDecoder class holds the decode method to parse a given Token into it's JWT representation.
@@ -88,7 +89,7 @@ public String getSubject() {
     }
 
     @Override
-    public String[] getAudience() {
+    public List<String> getAudience() {
         return payload.getAudience();
     }
 
diff --git a/lib/src/main/java/com/auth0/jwt/JWTVerifier.java b/lib/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -83,7 +83,7 @@ public Verification withSubject(String subject) {
          * @return this same Verification instance.
          */
         public Verification withAudience(String... audience) {
-            requireClaim(PublicClaims.AUDIENCE, audience);
+            requireClaim(PublicClaims.AUDIENCE, Arrays.asList(audience));
             return this;
         }
 
@@ -258,7 +258,7 @@ private void verifyClaims(JWT jwt, Map<String, Object> claims) {
         for (Map.Entry<String, Object> entry : claims.entrySet()) {
             switch (entry.getKey()) {
                 case PublicClaims.AUDIENCE:
-                    assertValidAudienceClaim(jwt.getAudience(), (String[]) entry.getValue());
+                    assertValidAudienceClaim(jwt.getAudience(), (List<String>) entry.getValue());
                     break;
                 case PublicClaims.EXPIRES_AT:
                     assertValidDateClaim(jwt.getExpiresAt(), (Long) entry.getValue(), true);
@@ -329,9 +329,9 @@ private void assertValidDateClaim(Date date, long leeway, boolean shouldBeFuture
         }
     }
 
-    private void assertValidAudienceClaim(String[] audience, String[] value) {
-        if (!Arrays.equals(audience, value)) {
-            throw new InvalidClaimException("The Claim 'aud' value doesn't match the required one.");
+    private void assertValidAudienceClaim(List<String> audience, List<String> value) {
+        if (audience == null || !audience.containsAll(value)) {
+            throw new InvalidClaimException("The Claim 'aud' value doesn't contain the required audience.");
         }
     }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java b/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java
@@ -11,8 +11,7 @@
 import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
 
 import java.io.IOException;
-import java.util.Date;
-import java.util.Map;
+import java.util.*;
 
 class PayloadDeserializer extends StdDeserializer<Payload> {
 
@@ -34,7 +33,7 @@ public Payload deserialize(JsonParser p, DeserializationContext ctxt) throws IOE
 
         String issuer = getString(tree, PublicClaims.ISSUER);
         String subject = getString(tree, PublicClaims.SUBJECT);
-        String[] audience = getStringOrArray(tree, PublicClaims.AUDIENCE);
+        List<String> audience = getStringOrArray(tree, PublicClaims.AUDIENCE);
         Date expiresAt = getDateFromSeconds(tree, PublicClaims.EXPIRES_AT);
         Date notBefore = getDateFromSeconds(tree, PublicClaims.NOT_BEFORE);
         Date issuedAt = getDateFromSeconds(tree, PublicClaims.ISSUED_AT);
@@ -43,25 +42,25 @@ public Payload deserialize(JsonParser p, DeserializationContext ctxt) throws IOE
         return new PayloadImpl(issuer, subject, audience, expiresAt, notBefore, issuedAt, jwtId, tree);
     }
 
-    String[] getStringOrArray(Map<String, JsonNode> tree, String claimName) throws JWTDecodeException {
+    List<String> getStringOrArray(Map<String, JsonNode> tree, String claimName) throws JWTDecodeException {
         JsonNode node = tree.remove(claimName);
         if (node == null || node.isNull() || !(node.isArray() || node.isTextual())) {
             return null;
         }
         if (node.isTextual() && !node.asText().isEmpty()) {
-            return new String[]{node.asText()};
+            return Collections.singletonList(node.asText());
         }
 
         ObjectMapper mapper = new ObjectMapper();
-        String[] arr = new String[node.size()];
+        List<String> list = new ArrayList<>(node.size());
         for (int i = 0; i < node.size(); i++) {
             try {
-                arr[i] = mapper.treeToValue(node.get(i), String.class);
+                list.add(mapper.treeToValue(node.get(i), String.class));
             } catch (JsonProcessingException e) {
                 throw new JWTDecodeException("Couldn't map the Claim's array contents to String", e);
             }
         }
-        return arr;
+        return list;
     }
 
     Date getDateFromSeconds(Map<String, JsonNode> tree, String claimName) {
diff --git a/lib/src/main/java/com/auth0/jwt/impl/PayloadImpl.java b/lib/src/main/java/com/auth0/jwt/impl/PayloadImpl.java
@@ -4,10 +4,7 @@
 import com.auth0.jwt.interfaces.Payload;
 import com.fasterxml.jackson.databind.JsonNode;
 
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
+import java.util.*;
 
 import static com.auth0.jwt.impl.ClaimImpl.extractClaim;
 
@@ -17,14 +14,14 @@
 class PayloadImpl implements Payload {
     private final String issuer;
     private final String subject;
-    private final String[] audience;
+    private final List<String> audience;
     private final Date expiresAt;
     private final Date notBefore;
     private final Date issuedAt;
     private final String jwtId;
     private final Map<String, JsonNode> tree;
 
-    PayloadImpl(String issuer, String subject, String[] audience, Date expiresAt, Date notBefore, Date issuedAt, String jwtId, Map<String, JsonNode> tree) {
+    PayloadImpl(String issuer, String subject, List<String> audience, Date expiresAt, Date notBefore, Date issuedAt, String jwtId, Map<String, JsonNode> tree) {
         this.issuer = issuer;
         this.subject = subject;
         this.audience = audience;
@@ -50,7 +47,7 @@ public String getSubject() {
     }
 
     @Override
-    public String[] getAudience() {
+    public List<String> getAudience() {
         return audience;
     }
 
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/Payload.java b/lib/src/main/java/com/auth0/jwt/interfaces/Payload.java
@@ -1,6 +1,7 @@
 package com.auth0.jwt.interfaces;
 
 import java.util.Date;
+import java.util.List;
 
 /**
  * The Payload class represents the 2nd part of the JWT, where the Payload value is hold.
@@ -26,7 +27,7 @@ public interface Payload {
      *
      * @return the Audience value or null.
      */
-    String[] getAudience();
+    List<String> getAudience();
 
     /**
      * Get the value of the "exp" claim, or null if it's not available.
diff --git a/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java b/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java
@@ -5,6 +5,8 @@
 import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.JWT;
 import org.apache.commons.codec.binary.Base64;
+import org.hamcrest.collection.IsCollectionWithSize;
+import org.hamcrest.core.IsCollectionContaining;
 import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
@@ -105,16 +107,16 @@ public void shouldGetSubject() throws Exception {
     public void shouldGetArrayAudience() throws Exception {
         JWT jwt = JWTDecoder.decode("eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOlsiSG9wZSIsIlRyYXZpcyIsIlNvbG9tb24iXX0.Tm4W8WnfPjlmHSmKFakdij0on2rWPETpoM7Sh0u6-S4");
         assertThat(jwt, is(notNullValue()));
-        assertThat(jwt.getAudience(), is(arrayWithSize(3)));
-        assertThat(jwt.getAudience(), is(arrayContaining("Hope", "Travis", "Solomon")));
+        assertThat(jwt.getAudience(), is(IsCollectionWithSize.hasSize(3)));
+        assertThat(jwt.getAudience(), is(IsCollectionContaining.hasItems("Hope", "Travis", "Solomon")));
     }
 
     @Test
     public void shouldGetStringAudience() throws Exception {
         JWT jwt = JWTDecoder.decode("eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJKYWNrIFJleWVzIn0.a4I9BBhPt1OB1GW67g2P1bEHgi6zgOjGUL4LvhE9Dgc");
         assertThat(jwt, is(notNullValue()));
-        assertThat(jwt.getAudience(), is(arrayWithSize(1)));
-        assertThat(jwt.getAudience(), is(arrayContaining("Jack Reyes")));
+        assertThat(jwt.getAudience(), is(IsCollectionWithSize.hasSize(1)));
+        assertThat(jwt.getAudience(), is(IsCollectionContaining.hasItems("Jack Reyes")));
     }
 
     @Test
diff --git a/lib/src/test/java/com/auth0/jwt/JWTTest.java b/lib/src/test/java/com/auth0/jwt/JWTTest.java
@@ -1,6 +1,8 @@
 package com.auth0.jwt;
 
 import com.auth0.jwt.algorithms.Algorithm;
+import org.hamcrest.collection.IsCollectionWithSize;
+import org.hamcrest.core.IsCollectionContaining;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
@@ -207,8 +209,8 @@ public void shouldGetArrayAudience() throws Exception {
                 .verify(token);
 
         assertThat(jwt, is(notNullValue()));
-        assertThat(jwt.getAudience(), is(arrayWithSize(3)));
-        assertThat(jwt.getAudience(), is(arrayContaining("Hope", "Travis", "Solomon")));
+        assertThat(jwt.getAudience(), is(IsCollectionWithSize.hasSize(3)));
+        assertThat(jwt.getAudience(), is(IsCollectionContaining.hasItems("Hope", "Travis", "Solomon")));
     }
 
     @Test
@@ -219,8 +221,8 @@ public void shouldGetStringAudience() throws Exception {
                 .verify(token);
 
         assertThat(jwt, is(notNullValue()));
-        assertThat(jwt.getAudience(), is(arrayWithSize(1)));
-        assertThat(jwt.getAudience(), is(arrayContaining("Jack Reyes")));
+        assertThat(jwt.getAudience(), is(IsCollectionWithSize.hasSize(1)));
+        assertThat(jwt.getAudience(), is(IsCollectionContaining.hasItems("Jack Reyes")));
     }
 
     @Test
diff --git a/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java b/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java
@@ -101,10 +101,22 @@ public void shouldValidateAudience() throws Exception {
         assertThat(jwtArr, is(notNullValue()));
     }
 
+    @Test
+    public void shouldAcceptPartialAudience() throws Exception {
+        //Token 'aud' = ["Mark", "David", "John"]
+        String tokenArr = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiTWFyayIsIkRhdmlkIiwiSm9obiJdfQ.DX5xXiCaYvr54x_iL0LZsJhK7O6HhAdHeDYkgDeb0Rw";
+        JWT jwtArr = JWTVerifier.init(Algorithm.HMAC256("secret"))
+                .withAudience("John")
+                .build()
+                .verify(tokenArr);
+
+        assertThat(jwtArr, is(notNullValue()));
+    }
+
     @Test
     public void shouldThrowOnInvalidAudience() throws Exception {
         exception.expect(InvalidClaimException.class);
-        exception.expectMessage("The Claim 'aud' value doesn't match the required one.");
+        exception.expectMessage("The Claim 'aud' value doesn't contain the required audience.");
         String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.Rq8IxqeX7eA6GgYxlcHdPFVRNFFZc5rEI3MQTZZbK3I";
         JWTVerifier.init(Algorithm.HMAC256("secret"))
                 .withAudience("nope")
diff --git a/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java b/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java
@@ -10,7 +10,9 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.*;
-import org.hamcrest.collection.IsArrayContaining;
+import org.hamcrest.collection.IsCollectionWithSize;
+import org.hamcrest.collection.IsEmptyCollection;
+import org.hamcrest.core.IsCollectionContaining;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -20,7 +22,6 @@
 import java.util.*;
 
 import static org.hamcrest.Matchers.*;
-import static org.hamcrest.collection.IsArrayContainingInOrder.arrayContaining;
 import static org.junit.Assert.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -91,7 +92,7 @@ public void shouldRemoveKnownPublicClaimsFromTree() throws Exception {
         assertThat(payload, is(notNullValue()));
         assertThat(payload.getIssuer(), is("auth0"));
         assertThat(payload.getSubject(), is("emails"));
-        assertThat(payload.getAudience(), is(IsArrayContaining.hasItemInArray("users")));
+        assertThat(payload.getAudience(), is(IsCollectionContaining.hasItem("users")));
         assertThat(payload.getIssuedAt().getTime(), is(10101010L * 1000));
         assertThat(payload.getExpiresAt().getTime(), is(11111111L * 1000));
         assertThat(payload.getNotBefore().getTime(), is(10101011L * 1000));
@@ -119,10 +120,10 @@ public void shouldGetStringArrayWhenParsingArrayNode() throws Exception {
         ArrayNode arrNode = new ArrayNode(JsonNodeFactory.instance, subNodes);
         tree.put("key", arrNode);
 
-        String[] values = deserializer.getStringOrArray(tree, "key");
+        List<String> values = deserializer.getStringOrArray(tree, "key");
         assertThat(values, is(notNullValue()));
-        assertThat(values, is(arrayWithSize(2)));
-        assertThat(values, is(arrayContaining("one", "two")));
+        assertThat(values, is(IsCollectionWithSize.hasSize(2)));
+        assertThat(values, is(IsCollectionContaining.hasItems("one", "two")));
     }
 
     @Test
@@ -131,10 +132,10 @@ public void shouldGetStringArrayWhenParsingTextNode() throws Exception {
         TextNode textNode = new TextNode("something");
         tree.put("key", textNode);
 
-        String[] values = deserializer.getStringOrArray(tree, "key");
+        List<String> values = deserializer.getStringOrArray(tree, "key");
         assertThat(values, is(notNullValue()));
-        assertThat(values, is(arrayWithSize(1)));
-        assertThat(values, is(arrayContaining("something")));
+        assertThat(values, is(IsCollectionWithSize.hasSize(1)));
+        assertThat(values, is(IsCollectionContaining.hasItems("something")));
     }
 
     @Test
@@ -143,9 +144,9 @@ public void shouldGetEmptyStringArrayWhenParsingEmptyTextNode() throws Exception
         TextNode textNode = new TextNode("");
         tree.put("key", textNode);
 
-        String[] values = deserializer.getStringOrArray(tree, "key");
+        List<String> values = deserializer.getStringOrArray(tree, "key");
         assertThat(values, is(notNullValue()));
-        assertThat(values, is(arrayWithSize(0)));
+        assertThat(values, is(IsEmptyCollection.empty()));
     }
 
     @Test
@@ -154,7 +155,7 @@ public void shouldGetNullArrayWhenParsingNullNode() throws Exception {
         NullNode node = NullNode.getInstance();
         tree.put("key", node);
 
-        String[] values = deserializer.getStringOrArray(tree, "key");
+        List<String> values = deserializer.getStringOrArray(tree, "key");
         assertThat(values, is(nullValue()));
     }
 
@@ -163,7 +164,7 @@ public void shouldGetNullArrayWhenParsingNullNodeValue() throws Exception {
         Map<String, JsonNode> tree = new HashMap<>();
         tree.put("key", null);
 
-        String[] values = deserializer.getStringOrArray(tree, "key");
+        List<String> values = deserializer.getStringOrArray(tree, "key");
         assertThat(values, is(nullValue()));
     }
 
@@ -173,7 +174,7 @@ public void shouldGetNullArrayWhenParsingNonArrayOrTextNode() throws Exception {
         IntNode node = new IntNode(456789);
         tree.put("key", node);
 
-        String[] values = deserializer.getStringOrArray(tree, "key");
+        List<String> values = deserializer.getStringOrArray(tree, "key");
         assertThat(values, is(nullValue()));
     }
 
diff --git a/lib/src/test/java/com/auth0/jwt/impl/PayloadImplTest.java b/lib/src/test/java/com/auth0/jwt/impl/PayloadImplTest.java
@@ -2,13 +2,15 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.TextNode;
-import org.hamcrest.collection.IsArrayContaining;
+import org.hamcrest.collection.IsCollectionWithSize;
+import org.hamcrest.core.IsCollectionContaining;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.mockito.Mockito;
 
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -33,7 +35,7 @@ public void setUp() throws Exception {
         issuedAt = Mockito.mock(Date.class);
         Map<String, JsonNode> tree = new HashMap<>();
         tree.put("extraClaim", new TextNode("extraValue"));
-        payload = new PayloadImpl("issuer", "subject", new String[]{"audience"}, expiresAt, notBefore, issuedAt, "jwtId", tree);
+        payload = new PayloadImpl("issuer", "subject", Collections.singletonList("audience"), expiresAt, notBefore, issuedAt, "jwtId", tree);
     }
 
     @SuppressWarnings("Convert2Diamond")
@@ -73,7 +75,9 @@ public void shouldGetNullSubjectIfMissing() throws Exception {
     @Test
     public void shouldGetAudience() throws Exception {
         assertThat(payload, is(notNullValue()));
-        assertThat(payload.getAudience(), is(IsArrayContaining.hasItemInArray("audience")));
+
+        assertThat(payload.getAudience(), is(IsCollectionWithSize.hasSize(1)));
+        assertThat(payload.getAudience(), is(IsCollectionContaining.hasItems("audience")));
     }
 
     @Test

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`import com.auth0.jwt.interfaces.Claim;`
`6`	`6`
`7`	`7`	`import java.util.Date;`
	`8`	`+import java.util.List;`
`8`	`9`
`9`	`10`	`public final class JWT implements com.auth0.jwt.interfaces.JWT {`
`10`	`11`
`@@ -62,7 +63,7 @@ public String getSubject() {`
`62`	`63`	`}`
`63`	`64`
`64`	`65`	`@Override`
`65`		`- public String[] getAudience() {`
	`66`	`+ public List<String> getAudience() {`
`66`	`67`	`return jwt.getAudience();`
`67`	`68`	`}`
`68`	`69`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@`
`10`	`10`	`import org.apache.commons.codec.binary.StringUtils;`
`11`	`11`
`12`	`12`	`import java.util.Date;`
	`13`	`+import java.util.List;`
`13`	`14`
`14`	`15`	`/**`
`15`	`16`	`* The JWTDecoder class holds the decode method to parse a given Token into it's JWT representation.`
`@@ -88,7 +89,7 @@ public String getSubject() {`
`88`	`89`	`}`
`89`	`90`
`90`	`91`	`@Override`
`91`		`- public String[] getAudience() {`
	`92`	`+ public List<String> getAudience() {`
`92`	`93`	`return payload.getAudience();`
`93`	`94`	`}`
`94`	`95`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ public Verification withSubject(String subject) {`
`83`	`83`	`* @return this same Verification instance.`
`84`	`84`	`*/`
`85`	`85`	`public Verification withAudience(String... audience) {`
`86`		`- requireClaim(PublicClaims.AUDIENCE, audience);`
	`86`	`+ requireClaim(PublicClaims.AUDIENCE, Arrays.asList(audience));`
`87`	`87`	`return this;`
`88`	`88`	`}`
`89`	`89`
`@@ -258,7 +258,7 @@ private void verifyClaims(JWT jwt, Map<String, Object> claims) {`
`258`	`258`	`for (Map.Entry<String, Object> entry : claims.entrySet()) {`
`259`	`259`	`switch (entry.getKey()) {`
`260`	`260`	`case PublicClaims.AUDIENCE:`
`261`		`- assertValidAudienceClaim(jwt.getAudience(), (String[]) entry.getValue());`
	`261`	`+ assertValidAudienceClaim(jwt.getAudience(), (List<String>) entry.getValue());`
`262`	`262`	`break;`
`263`	`263`	`case PublicClaims.EXPIRES_AT:`
`264`	`264`	`assertValidDateClaim(jwt.getExpiresAt(), (Long) entry.getValue(), true);`
`@@ -329,9 +329,9 @@ private void assertValidDateClaim(Date date, long leeway, boolean shouldBeFuture`
`329`	`329`	`}`
`330`	`330`	`}`
`331`	`331`
`332`		`- private void assertValidAudienceClaim(String[] audience, String[] value) {`
`333`		`- if (!Arrays.equals(audience, value)) {`
`334`		`- throw new InvalidClaimException("The Claim 'aud' value doesn't match the required one.");`
	`332`	`+ private void assertValidAudienceClaim(List<String> audience, List<String> value) {`
	`333`	`+ if (audience == null \|\| !audience.containsAll(value)) {`
	`334`	`+ throw new InvalidClaimException("The Claim 'aud' value doesn't contain the required audience.");`
`335`	`335`	`}`
`336`	`336`	`}`
`337`	`337`	`}`