accept none as algorithm

lbalmaceda · lbalmaceda · commit 6629e77ab78b · 2016-10-28T16:14:36.000-03:00
diff --git a/lib/src/main/java/com/auth0/jwtdecodejava/Utils.java b/lib/src/main/java/com/auth0/jwtdecodejava/Utils.java
@@ -52,6 +52,10 @@ public static boolean verifyHS(String[] jwtParts, String secret, Algorithm algor
 
     public static String[] splitToken(String token) {
         String[] parts = token.split("\\.");
+        if (parts.length == 2 && token.endsWith(".")) {
+            //Tokens with alg='none' have empty String as Signature.
+            parts = new String[]{parts[0], parts[1], ""};
+        }
         if (parts.length != 3) {
             throw new JWTException(String.format("The token was expected to have 3 parts, but got %s.", parts.length));
         }
diff --git a/lib/src/main/java/com/auth0/jwtdecodejava/impl/JWTVerifier.java b/lib/src/main/java/com/auth0/jwtdecodejava/impl/JWTVerifier.java
@@ -27,6 +27,10 @@ private JWTVerifier(Algorithm algorithm, String secret) {
         this.claims = new HashMap<>();
     }
 
+    public static JWTVerifier init() throws IllegalArgumentException {
+        return init(Algorithm.none, null);
+    }
+
     public static JWTVerifier init(Algorithm algorithm, String secret) throws IllegalArgumentException {
         if (algorithm == null) {
             throw new IllegalArgumentException("The Algorithm cannot be null.");
@@ -39,6 +43,10 @@ public static JWTVerifier init(Algorithm algorithm, String secret) throws Illega
                     throw new IllegalArgumentException(String.format("You can't use the %s algorithm without providing a valid Secret.", algorithm.name()));
                 }
                 break;
+            case none:
+                if (secret != null) {
+                    throw new IllegalArgumentException("You can't use the Algorithm 'none' with a non-null Secret.");
+                }
             default:
         }
         return new JWTVerifier(algorithm, secret);
@@ -98,6 +106,10 @@ private void verifySignature(String[] parts) {
                     throw new SignatureVerificationException(algorithm, e);
                 }
                 break;
+            case none:
+                if (!parts[2].isEmpty()){
+                    throw new SignatureVerificationException(algorithm);
+                }
             default:
         }
     }
diff --git a/lib/src/test/java/com/auth0/jwtdecodejava/UtilsTest.java b/lib/src/test/java/com/auth0/jwtdecodejava/UtilsTest.java
@@ -1,21 +1,59 @@
 package com.auth0.jwtdecodejava;
 
 import com.auth0.jwtdecodejava.enums.Algorithm;
+import com.auth0.jwtdecodejava.exceptions.JWTException;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.notNullValue;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.assertTrue;
+import static org.hamcrest.Matchers.*;
+import static org.junit.Assert.*;
 
 public class UtilsTest {
 
     @Rule
     public ExpectedException exception = ExpectedException.none();
 
+    @Test
+    public void shouldSplitToken() throws Exception {
+        String token = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJhdXRoMCJ9.W1mx_Y0hbAMbPmfW9whT605AAcxB7REFuJiDAHk2Sdc";
+        String[] parts = Utils.splitToken(token);
+
+        assertThat(parts, is(notNullValue()));
+        assertThat(parts, is(arrayWithSize(3)));
+        assertThat(parts[0], is("eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0"));
+        assertThat(parts[1], is("eyJpc3MiOiJhdXRoMCJ9"));
+        assertThat(parts[2], is("W1mx_Y0hbAMbPmfW9whT605AAcxB7REFuJiDAHk2Sdc"));
+    }
+
+    @Test
+    public void shouldSplitTokenWithEmptySignature() throws Exception {
+        String token = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJhdXRoMCJ9.";
+        String[] parts = Utils.splitToken(token);
+
+        assertThat(parts, is(notNullValue()));
+        assertThat(parts, is(arrayWithSize(3)));
+        assertThat(parts[0], is("eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0"));
+        assertThat(parts[1], is("eyJpc3MiOiJhdXRoMCJ9"));
+        assertThat(parts[2], is(isEmptyString()));
+    }
+
+    @Test
+    public void shouldThrowOnSplitTokenWithMoreThan3Parts() throws Exception {
+        exception.expect(JWTException.class);
+        exception.expectMessage("The token was expected to have 3 parts, but got 4.");
+        String token = "this.has.four.parts";
+        Utils.splitToken(token);
+    }
+
+    @Test
+    public void shouldThrowOnSplitTokenWithLessThan3Parts() throws Exception {
+        exception.expect(JWTException.class);
+        exception.expectMessage("The token was expected to have 3 parts, but got 2.");
+        String token = "two.parts";
+        Utils.splitToken(token);
+    }
+
     @Test
     public void shouldDecodeBase64() throws Exception {
         String source = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
diff --git a/lib/src/test/java/com/auth0/jwtdecodejava/impl/JWTVerifierTest.java b/lib/src/test/java/com/auth0/jwtdecodejava/impl/JWTVerifierTest.java
@@ -18,6 +18,33 @@ public class JWTVerifierTest {
     @Rule
     public ExpectedException exception = ExpectedException.none();
 
+    @Test
+    public void shouldAcceptNoneAlgorithmWhenUsingDefaultConstructor() throws Exception {
+        String token = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJhdXRoMCJ9.";
+        JWT jwt = JWTVerifier.init()
+                .verify(token);
+
+        assertThat(jwt, is(notNullValue()));
+    }
+
+    @Test
+    public void shouldAcceptNoneAlgorithm() throws Exception {
+        String token = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJhdXRoMCJ9.";
+        JWT jwt = JWTVerifier.init(Algorithm.none, null)
+                .verify(token);
+
+        assertThat(jwt, is(notNullValue()));
+    }
+
+    @Test
+    public void shouldThrowWhenUsingNoneAlgorithmAndPassingASecret() throws Exception {
+        exception.expect(IllegalArgumentException.class);
+        exception.expectMessage("You can't use the Algorithm 'none' with a non-null Secret.");
+        String token = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpc3MiOiJhdXRoMCJ9.";
+        JWTVerifier.init(Algorithm.none, "something")
+                .verify(token);
+    }
+
     @Test
     public void shouldThrowWhenInitializedWithoutAlgorithm() throws Exception {
         exception.expect(IllegalArgumentException.class);

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,10 @@ private JWTVerifier(Algorithm algorithm, String secret) {`
`27`	`27`	`this.claims = new HashMap<>();`
`28`	`28`	`}`
`29`	`29`
	`30`	`+ public static JWTVerifier init() throws IllegalArgumentException {`
	`31`	`+ return init(Algorithm.none, null);`
	`32`	`+ }`
	`33`	`+`
`30`	`34`	`public static JWTVerifier init(Algorithm algorithm, String secret) throws IllegalArgumentException {`
`31`	`35`	`if (algorithm == null) {`
`32`	`36`	`throw new IllegalArgumentException("The Algorithm cannot be null.");`
`@@ -39,6 +43,10 @@ public static JWTVerifier init(Algorithm algorithm, String secret) throws Illega`
`39`	`43`	`throw new IllegalArgumentException(String.format("You can't use the %s algorithm without providing a valid Secret.", algorithm.name()));`
`40`	`44`	`}`
`41`	`45`	`break;`
	`46`	`+ case none:`
	`47`	`+ if (secret != null) {`
	`48`	`+ throw new IllegalArgumentException("You can't use the Algorithm 'none' with a non-null Secret.");`
	`49`	`+ }`
`42`	`50`	`default:`
`43`	`51`	`}`
`44`	`52`	`return new JWTVerifier(algorithm, secret);`
`@@ -98,6 +106,10 @@ private void verifySignature(String[] parts) {`
`98`	`106`	`throw new SignatureVerificationException(algorithm, e);`
`99`	`107`	`}`
`100`	`108`	`break;`
	`109`	`+ case none:`
	`110`	`+ if (!parts[2].isEmpty()){`
	`111`	`+ throw new SignatureVerificationException(algorithm);`
	`112`	`+ }`
`101`	`113`	`default:`
`102`	`114`	`}`
`103`	`115`	`}`