Handle missing expected array claim #393

Merged
merged 2 commits into from
Feb 14, 2020
Merged
46 changes: 23 additions & 23 deletions lib/src/main/java/com/auth0/jwt/JWTCreator.java
Expand Up @@ -307,90 +307,90 @@ public Builder withArrayClaim(String name, Long[] items) throws IllegalArgumentE

/**
* Add a custom Map Claim with the given items.
*
* <p>
* Accepted nested types are {@linkplain Map} and {@linkplain List} with basic types
* {@linkplain Boolean}, {@linkplain Integer}, {@linkplain Long}, {@linkplain Double},
* {@linkplain String} and {@linkplain Date}. {@linkplain Map}s cannot contain null keys or values.
* {@linkplain List}s can contain null elements.
*
* @param name the Claim's name.
* @param map the Claim's key-values.
* @param name the Claim's name.
* @param map the Claim's key-values.
* @return this same Builder instance.
* @throws IllegalArgumentException if the name is null, or if the map contents does not validate.
*/
public Builder withClaim(String name, Map<String, ?> map) throws IllegalArgumentException {
assertNonNull(name);
// validate map contents
if(!validateClaim(map)) {
if (!validateClaim(map)) {
throw new IllegalArgumentException("Expected map containing Map, List, Boolean, Integer, Long, Double, String and Date");
}
addClaim(name, map);
return this;
}
}

/**
* Add a custom List Claim with the given items.
*
* <p>
* Accepted nested types are {@linkplain Map} and {@linkplain List} with basic types
* {@linkplain Boolean}, {@linkplain Integer}, {@linkplain Long}, {@linkplain Double},
* {@linkplain String} and {@linkplain Date}. {@linkplain Map}s cannot contain null keys or values.
* {@linkplain List}s can contain null elements.
*
* @param name the Claim's name.
* @param name the Claim's name.
* @param list the Claim's list of values.
* @return this same Builder instance.
* @throws IllegalArgumentException if the name is null, or if the list contents does not validate.
*/

public Builder withClaim(String name, List<?> list) throws IllegalArgumentException {
assertNonNull(name);
// validate list contents
if(!validateClaim(list)) {
if (!validateClaim(list)) {
throw new IllegalArgumentException("Expected list containing Map, List, Boolean, Integer, Long, Double, String and Date");
}
addClaim(name, list);
return this;
}
}

private static boolean validateClaim(Map<?, ?> map) {
// do not accept null values in maps
for (Entry<?, ?> entry : map.entrySet()) {
Object value = entry.getValue();
if(value == null || !isSupportedType(value)) {
if (value == null || !isSupportedType(value)) {
return false;
}
if(entry.getKey() == null || !(entry.getKey() instanceof String)) {

if (entry.getKey() == null || !(entry.getKey() instanceof String)) {
return false;
}
}
return true;
}

private static boolean validateClaim(List<?> list) {
// accept null values in list
for (Object object : list) {
if(object != null && !isSupportedType(object)) {
if (object != null && !isSupportedType(object)) {
return false;
}
}
return true;
}
}

private static boolean isSupportedType(Object value) {
if(value instanceof List) {
return validateClaim((List<?>)value);
} else if(value instanceof Map) {
return validateClaim((Map<?, ?>)value);
if (value instanceof List) {
return validateClaim((List<?>) value);
} else if (value instanceof Map) {
return validateClaim((Map<?, ?>) value);
} else {
return isBasicType(value);
}
}

private static boolean isBasicType(Object value) {
Class<?> c = value.getClass();
if(c.isArray()) {

if (c.isArray()) {
return c == Integer[].class || c == Long[].class || c == String[].class;
}
return c == String.class || c == Integer.class || c == Long.class || c == Double.class || c == Date.class || c == Boolean.class;
26 changes: 9 additions & 17 deletions lib/src/main/java/com/auth0/jwt/JWTVerifier.java
Expand Up @@ -168,21 +168,13 @@ public Verification withArrayClaim(String name, Integer... items) throws Illegal
requireClaim(name, items);
return this;
}

/**
* Require a specific Array Claim to contain at least the given items.
*
* @param name the Claim's name.
* @param items the items the Claim must contain.
* @return this same Verification instance.
* @throws IllegalArgumentException if the name is null.
*/

@Override
public Verification withArrayClaim(String name, Long ... items) throws IllegalArgumentException {
public Verification withArrayClaim(String name, Long... items) throws IllegalArgumentException {
assertNonNull(name);
requireClaim(name, items);
return this;
}
}

@Override
public JWTVerifier build() {
Expand Down Expand Up @@ -220,7 +212,7 @@ private void addLeewayToDateClaims() {
if (!claims.containsKey(PublicClaims.NOT_BEFORE)) {
claims.put(PublicClaims.NOT_BEFORE, defaultLeeway);
}
if(ignoreIssuedAt) {
if (ignoreIssuedAt) {
claims.remove(PublicClaims.ISSUED_AT);
return;
}
Expand Down Expand Up @@ -329,18 +321,18 @@ private void assertValidClaim(Claim claim, String claimName, Object value) {
Object[] claimAsObject = claim.as(Object[].class);

// Jackson uses 'natural' mapping which uses Integer if value fits in 32 bits.
if(value instanceof Long[]) {
if (value instanceof Long[]) {
// convert Integers to Longs for comparison with equals
claimArr = new ArrayList<>(claimAsObject.length);
for(Object cao : claimAsObject) {
if(cao instanceof Integer) {
claimArr.add(((Integer)cao).longValue());
for (Object cao : claimAsObject) {
if (cao instanceof Integer) {
claimArr.add(((Integer) cao).longValue());
} else {
claimArr.add(cao);
}
}
} else {
claimArr = Arrays.asList(claim.as(Object[].class));
claimArr = claim.isNull() ? Collections.emptyList() : Arrays.asList(claim.as(Object[].class));
}
List<Object> valueArr = Arrays.asList((Object[]) value);
isValid = claimArr.containsAll(valueArr);
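Review bot: The `Long[]` branch of `assertValidClaim` still reads `claimAsObject.length` without the null-claim guard that this change adds only to the `else` branch. If `claim.as(Object[].class)` returns null for an absent claim, as the new `claim.isNull()` check suggests, a token lacking a required Long array claim would surface as a NullPointerException instead of a verification failure, and callers that catch only `JWTVerificationException` would not handle it. Guard once before the branch, e.g. `Object[] claimAsObject = claim.isNull() ? new Object[0] : claim.as(Object[].class);`, and let the `else` branch reuse it with `claimArr = Arrays.asList(claimAsObject);` rather than calling `claim.as` a second time. A test that verifies a token without the claim through `withArrayClaim(name, Long...)` would pin the behaviour. The body of `assertValidClaim` starts and ends outside this hunk.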
34 changes: 17 additions & 17 deletions lib/src/main/java/com/auth0/jwt/interfaces/JWTVerifier.java
Expand Up @@ -4,22 +4,22 @@


public interface JWTVerifier {

/**
* Performs the verification against the given Token
*
* @param token to verify.
* @return a verified and decoded JWT.
* @throws JWTVerificationException if any of the verification steps fail
*/
DecodedJWT verify(String token) throws JWTVerificationException;

/**
* Performs the verification against the given decoded JWT
*
* @param jwt to verify.
* @return a verified and decoded JWT.
* @throws JWTVerificationException if any of the verification steps fail
*/
DecodedJWT verify(DecodedJWT jwt) throws JWTVerificationException;
/**
* Performs the verification against the given Token
*
* @param token to verify.
* @return a verified and decoded JWT.
* @throws JWTVerificationException if any of the verification steps fail
*/
DecodedJWT verify(String token) throws JWTVerificationException;

/**
* Performs the verification against the given decoded JWT
*
* @param jwt to verify.
* @return a verified and decoded JWT.
* @throws JWTVerificationException if any of the verification steps fail
*/
DecodedJWT verify(DecodedJWT jwt) throws JWTVerificationException;
}