From 6c503ce750e21ca9153152b1c816e02bcf075d5f Mon Sep 17 00:00:00 2001 From: Takaaki Suzuki Date: Tue, 27 Sep 2022 02:08:00 +0900 Subject: [PATCH 1/5] Add nested payload --- tests/LitJWT.Tests/DecodeTest.cs | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/tests/LitJWT.Tests/DecodeTest.cs b/tests/LitJWT.Tests/DecodeTest.cs index 5e595ab..07ac869 100644 --- a/tests/LitJWT.Tests/DecodeTest.cs +++ b/tests/LitJWT.Tests/DecodeTest.cs @@ -22,12 +22,14 @@ public class PayloadNbf { public string Foo { get; set; } public int Bar { get; set; } + public Payload Nested { get; set; } public long nbf { get; set; } } public class PayloadExp { public string Foo { get; set; } public int Bar { get; set; } + public Payload Nested { get; set; } public long exp { get; set; } } [Fact] @@ -97,7 +99,8 @@ public void VerifyExp() var decoder = new JwtDecoder(new LitJWT.Algorithms.HS256Algorithm(key)); { - var payload = new PayloadExp { Bar = 1, Foo = "foo", exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.Encode(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); 
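Review bot: The nested object these tests add (`new Payload { Bar = 2, Foo = "foo2" }`) carries no `exp` or `nbf` of its own, so `VerifyExp` here and the matching hunks in `VerifyNbf`, `VerifyExpUtf8` and `VerifyNbfUtf8` never exercise a payload whose nested object holds a time claim that disagrees with the top-level one. That is the case where a decoder could validate the wrong claim, and a regression there would let an expired token come back as `Success`. I would add a block to each test in which the nested object has a still-valid timestamp while the outer claim is expired (or not yet valid), asserting `DecodeResult.FailedVerifyExpire` / `DecodeResult.FailedVerifyNotBefore`. This needs a nested type with its own `exp`/`nbf` property, because `Payload` is declared outside the hunk and appears to have only `Foo` and `Bar`.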
@@ -105,7 +108,8 @@ public void VerifyExp() } { - var payload = new PayloadExp { Bar = 1, Foo = "foo", exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.Encode(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); @@ -121,7 +125,8 @@ public void VerifyNbf() var decoder = new JwtDecoder(new LitJWT.Algorithms.HS256Algorithm(key)); { - var payload = new PayloadNbf { Bar = 1, Foo = "foo", nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.Encode(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); @@ -130,7 +135,8 @@ public void VerifyNbf() decodeResult.Should().Be(DecodeResult.FailedVerifyNotBefore); } { - var payload = new PayloadNbf { Bar = 1, Foo = "foo", nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.Encode(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); 
@@ -210,7 +216,8 @@ public void VerifyExpUtf8() var decoder = new JwtDecoder(new LitJWT.Algorithms.HS256Algorithm(key)); { - var payload = new PayloadExp { Bar = 1, Foo = "foo", exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.EncodeAsUtf8Bytes(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); @@ -218,7 +225,8 @@ public void VerifyExpUtf8() } { - var payload = new PayloadExp { Bar = 1, Foo = "foo", exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.EncodeAsUtf8Bytes(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); 
@@ -234,7 +242,8 @@ public void VerifyNbfUtf8() var decoder = new JwtDecoder(new LitJWT.Algorithms.HS256Algorithm(key)); { - var payload = new PayloadNbf { Bar = 1, Foo = "foo", nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.EncodeAsUtf8Bytes(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); @@ -243,7 +252,8 @@ public void VerifyNbfUtf8() decodeResult.Should().Be(DecodeResult.FailedVerifyNotBefore); } { - var payload = new PayloadNbf { Bar = 1, Foo = "foo", nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.EncodeAsUtf8Bytes(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); From 5ce0d3012581603442754500018cdfa3230a8dad Mon Sep 17 00:00:00 2001 From: Takaaki Suzuki Date: Tue, 27 Sep 2022 02:11:58 +0900 Subject: [PATCH 2/5] Check depth --- src/LitJWT/JwtDecoder.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/LitJWT/JwtDecoder.cs b/src/LitJWT/JwtDecoder.cs index fdbed5a..214fb83 100644 --- a/src/LitJWT/JwtDecoder.cs +++ b/src/LitJWT/JwtDecoder.cs @@ -217,7 +217,7 @@ public DecodeResult TryDecode(ReadOnlySpan utf8token, PayloadParser { if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - if (reader.TokenType == JsonTokenType.PropertyName) + if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) { 
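Review bot: The `exp`/`nbf` scan loop guarded here exists in four copies (both `TryDecode` overloads and both `TryDecodeCore` overloads), and this commit adds `reader.CurrentDepth == 1` to only three of them; the `utf8token` `TryDecodeCore` copy at line 516 stays unguarded until the follow-up patch. Because this loop decides whether an expired or not-yet-valid token is accepted, the copies should not be able to drift apart. Moving the loop into one private static helper that takes the decoded payload bytes and returns a `DecodeResult` would keep every decode path on the same check. A comment on the condition would also record the intent, for example `// Only top-level claims are registered claims; exp/nbf inside nested objects are application data.` The loop body continues outside the hunk, so the handling of the matched claim values is not reviewed here.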
@@ -360,7 +360,7 @@ public DecodeResult TryDecode(ReadOnlySpan token, PayloadParser payl { if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - if (reader.TokenType == JsonTokenType.PropertyName) + if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) { @@ -654,7 +654,7 @@ DecodeResult TryDecodeCore(ReadOnlySpan token, InternalPayloadParser { if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - if (reader.TokenType == JsonTokenType.PropertyName) + if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) { From 3f7946d32e51445d987b0eabdeed137f9a80b75c Mon Sep 17 00:00:00 2001 From: Takaaki Suzuki Date: Tue, 27 Sep 2022 02:18:35 +0900 Subject: [PATCH 3/5] More check depth --- src/LitJWT/JwtDecoder.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/LitJWT/JwtDecoder.cs b/src/LitJWT/JwtDecoder.cs index 214fb83..fa7c989 100644 --- a/src/LitJWT/JwtDecoder.cs +++ b/src/LitJWT/JwtDecoder.cs @@ -516,7 +516,7 @@ DecodeResult TryDecodeCore(ReadOnlySpan utf8token, InternalPayloadParse { if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - if (reader.TokenType == JsonTokenType.PropertyName) + if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) { From 3edb8420561dd20774f3cbebd993d05da4c29608 Mon Sep 17 00:00:00 2001 From: Takaaki Suzuki Date: Tue, 27 Sep 2022 02:19:38 +0900 Subject: [PATCH 4/5] Remove unnecessary token check --- src/LitJWT/JwtDecoder.cs | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/LitJWT/JwtDecoder.cs b/src/LitJWT/JwtDecoder.cs index fa7c989..3e06905 100644 --- a/src/LitJWT/JwtDecoder.cs +++ b/src/LitJWT/JwtDecoder.cs 
@@ -215,8 +215,6 @@ public DecodeResult TryDecode(ReadOnlySpan utf8token, PayloadParser var reader = new System.Text.Json.Utf8JsonReader(decodedPayload); while (reader.Read()) { - if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) @@ -358,8 +356,6 @@ public DecodeResult TryDecode(ReadOnlySpan token, PayloadParser payl var reader = new System.Text.Json.Utf8JsonReader(decodedPayload); while (reader.Read()) { - if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) @@ -514,8 +510,6 @@ DecodeResult TryDecodeCore(ReadOnlySpan utf8token, InternalPayloadParse var reader = new System.Text.Json.Utf8JsonReader(decodedPayload); while (reader.Read()) { - if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) @@ -652,8 +646,6 @@ DecodeResult TryDecodeCore(ReadOnlySpan token, InternalPayloadParser var reader = new System.Text.Json.Utf8JsonReader(decodedPayload); while (reader.Read()) { - if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) From d670f06b6210c852c2333f5776505860ef6975c0 Mon Sep 17 00:00:00 2001 From: Takaaki Suzuki Date: Tue, 27 Sep 2022 02:33:36 +0900 Subject: [PATCH 5/5] Add more test cases --- tests/LitJWT.Tests/DecodeTest.cs | 74 ++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/tests/LitJWT.Tests/DecodeTest.cs b/tests/LitJWT.Tests/DecodeTest.cs index 07ac869..5ac50e5 100644 
--- a/tests/LitJWT.Tests/DecodeTest.cs +++ b/tests/LitJWT.Tests/DecodeTest.cs @@ -115,6 +115,24 @@ public void VerifyExp() var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); decodeResult.Should().Be(DecodeResult.Success); } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.Encode(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadExp decodedPayload); + decodeResult.Should().Be(DecodeResult.FailedVerifyExpire); + } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.Encode(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadExp decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); + } } [Fact] @@ -144,6 +162,24 @@ public void VerifyNbf() decodeResult.Should().Be(DecodeResult.Success); } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.Encode(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadNbf decodedPayload); + decodeResult.Should().Be(DecodeResult.FailedVerifyNotBefore); + } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.Encode(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadNbf decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); + } } 
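Review bot: The blocks added to `VerifyExp` bind `out PayloadExp decodedPayload` but never read it, so they pin only the result code. Now that the decoder reads past nested objects, the success block should also assert that the nested data survives the round trip, e.g. `decodedPayload.Nested.Foo.Should().Be("foo2");`. On the `FailedVerifyExpire` block it would help to assert what the decoder leaves in `decodedPayload`; if the contract is that it stays null, `decodedPayload.Should().BeNull();` guards callers that mishandle the result code from reading claims out of a rejected token. The same applies to the added blocks in `VerifyNbf`, `VerifyExpUtf8` and `VerifyNbfUtf8`.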
@@ -232,6 +268,24 @@ public void VerifyExpUtf8() var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); decodeResult.Should().Be(DecodeResult.Success); } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.EncodeAsUtf8Bytes(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadExp decodedPayload); + decodeResult.Should().Be(DecodeResult.FailedVerifyExpire); + } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.EncodeAsUtf8Bytes(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadExp decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); + } } [Fact] 
@@ -259,6 +313,26 @@ public void VerifyNbfUtf8() var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); + } + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.EncodeAsUtf8Bytes(payload, null); + + + var decodeResult = decoder.TryDecode(jwt, out PayloadNbf decodedPayload); + + decodeResult.Should().Be(DecodeResult.FailedVerifyNotBefore); + } + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.EncodeAsUtf8Bytes(payload, null); + + + var decodeResult = decoder.TryDecode(jwt, out PayloadNbf decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); } }