GitHub Repository: freebsd/freebsd-ports-gnome
Path: blob/main/databases/couchdb3/files/patch-src_jwtf_src_jwtf.erl
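--- src/jwtf/src/jwtf.erl.orig 2021-03-31 15:23:39 UTC
+++ src/jwtf/src/jwtf.erl
@@ -188,8 +188,7 @@ validate_alg(Props, Checks) ->
 end.
 
 
-%% Not all these fields have to be present, but if they _are_ present
-%% they must be valid.
+%% Only validate required checks.
 validate_payload(Props, Checks) ->
 validate_iss(Props, Checks),
 validate_iat(Props, Checks),
@@ -202,7 +201,7 @@ validate_iss(Props, Checks) ->
 ActualISS = prop(<<"iss">>, Props),
 
 case {ExpectedISS, ActualISS} of
- {undefined, undefined} ->
+ {undefined, _} -> % ignore unrequired check
 ok;
 {ISS, undefined} when ISS /= undefined ->
 throw({bad_request, <<"Missing iss claim">>});
@@ -218,11 +217,11 @@ validate_iat(Props, Checks) ->
 IAT = prop(<<"iat">>, Props),
 
 case {Required, IAT} of
- {undefined, undefined} ->
+ {undefined, _} -> % ignore unrequired check
 ok;
 {true, undefined} ->
 throw({bad_request, <<"Missing iat claim">>});
- {_, IAT} when is_integer(IAT) ->
+ {true, IAT} when is_integer(IAT) ->
 ok;
 {true, _} ->
 throw({bad_request, <<"Invalid iat claim">>})
@@ -234,12 +233,12 @@ validate_nbf(Props, Checks) ->
 NBF = prop(<<"nbf">>, Props),
 
 case {Required, NBF} of
- {undefined, undefined} ->
+ {undefined, _} -> % ignore unrequired check
 ok;
 {true, undefined} ->
 throw({bad_request, <<"Missing nbf claim">>});
- {_, IAT} ->
- assert_past(<<"nbf">>, IAT)
+ {true, NBF} ->
+ assert_past(<<"nbf">>, NBF)
 end.
 
 
@@ -248,11 +247,11 @@ validate_exp(Props, Checks) ->
 EXP = prop(<<"exp">>, Props),
 
 case {Required, EXP} of
- {undefined, undefined} ->
+ {undefined, _} -> % ignore unrequired check
 ok;
 {true, undefined} ->
 throw({bad_request, <<"Missing exp claim">>});
- {_, EXP} ->
+ {true, EXP} ->
 assert_future(<<"exp">>, EXP)
 end.
 
@@ -351,3 +350,20 @@ now_seconds() ->
 
 prop(Prop, Props) ->
 proplists:get_value(Prop, Props).
+
+
+-ifdef(TEST).
+-include_lib("eunit/include/eunit.hrl").
+
+validate_payload_ignore_unchecked_props_test() ->
+ ?assertEqual(ok, validate_payload(_Props = [], _Checks = [])),
+ BogusProps = [
+ {iss, bogus},
+ {iat, bogus},
+ {nbf, bogus},
+ {exp, bogus}
+ ],
+ ?assertEqual(ok, validate_payload(BogusProps, _Checks = [])),
+ ok.
+
+-endif.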
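Review bot: In `validate_exp` and `validate_nbf`, the new `{undefined, _} -> ok` clause returns before `assert_future`/`assert_past` is reached, so a token carrying an expired `exp` (or a not-yet-valid `nbf`) is accepted whenever that claim is not listed in `Checks`; the removed `{_, EXP}` and `{_, IAT}` clauses rejected it. Token lifetime enforcement now depends entirely on configuration, which deserves a comment above `validate_payload` such as `%% exp/nbf are enforced only when listed in Checks; callers that rely on expiry must require them`. The added test does not exercise this path: `BogusProps` uses atom keys (`{iss, bogus}`) while the validators look up binary keys (`prop(<<"iss">>, Props)`), so the second assertion sees no claims at all and should key them as `{<<"iss">>, bogus}` and so on. The validate_* bodies start outside the hunks, so how `Required` is bound is not visible here; if it can be anything other than `undefined` or `true` (for example `false`), the narrowed `{true, _}` clauses would raise `case_clause`.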