Diffstat (limited to 'src/jwtf/src/jwtf.erl')
-rw-r--r--src/jwtf/src/jwtf.erl49
1 files changed, 33 insertions, 16 deletions
diff --git a/src/jwtf/src/jwtf.erl b/src/jwtf/src/jwtf.erl
index b558bdc63..247f2b508 100644
--- a/src/jwtf/src/jwtf.erl
+++ b/src/jwtf/src/jwtf.erl
@@ -123,8 +123,15 @@ validate(Header0, Payload0, Signature, Checks, KS) ->
Key = key(Header1, Checks, KS),
verify(Alg, Header0, Payload0, Signature, Key).
+
validate_checks(Checks) when is_list(Checks) ->
- UnknownChecks = proplists:get_keys(Checks) -- ?CHECKS,
+ case {lists:usort(Checks), lists:sort(Checks)} of
+ {L, L} ->
+ ok;
+ {L1, L2} ->
+ error({duplicate_checks, L2 -- L1})
+ end,
+ {_, UnknownChecks} = lists:partition(fun valid_check/1, Checks),
case UnknownChecks of
[] ->
ok;
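Review bot: The duplicate test compares whole terms, so two entries for the same check with different values, such as `{iss, A}` next to `{iss, B}` or a bare `alg` next to `{alg, List}`, are not reported as duplicates. Which entry then takes effect depends on `prop/2`, which is not visible here, so the effective policy may differ from what the caller intended. Consider comparing keys instead: `Keys = [case C of {K, _} -> K; K -> K end || C <- Checks]`, then match `{lists:usort(Keys), lists:sort(Keys)}`. The rest of `validate_checks/1` lies in the next hunk.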
@@ -132,6 +139,17 @@ validate_checks(Checks) when is_list(Checks) ->
error({unknown_checks, UnknownChecks})
end.
+
+valid_check(Check) when is_atom(Check) ->
+ lists:member(Check, ?CHECKS);
+
+valid_check({Check, _}) when is_atom(Check) ->
+ lists:member(Check, ?CHECKS);
+
+valid_check(_) ->
+ false.
+
+
validate_header(Props, Checks) ->
validate_typ(Props, Checks),
validate_alg(Props, Checks).
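Review bot: `valid_check({Check, _})` validates only the key, so any value is accepted for any check, for example `{exp, false}` or `{typ, <<"x">>}`. The validators changed later in this diff match on `undefined` and `true` only, so such a value ends up in a wildcard branch or matches no clause at all. A comment above the function such as `%% Only the check name is validated here; the value is interpreted by the individual validate_* functions.` plus `-spec valid_check(term()) -> boolean().` would make that contract explicit. The blank lines between the clauses at the `;` separators are also unusual for a single function and could be dropped.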
@@ -141,11 +159,11 @@ validate_typ(Props, Checks) ->
Required = prop(typ, Checks),
TYP = prop(<<"typ">>, Props),
case {Required, TYP} of
- {undefined, _} ->
+ {undefined, undefined} ->
ok;
{true, undefined} ->
throw({bad_request, <<"Missing typ header parameter">>});
- {true, <<"JWT">>} ->
+ {_, <<"JWT">>} ->
ok;
{true, _} ->
throw({bad_request, <<"Invalid typ header parameter">>})
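Review bot: A token that carries a `typ` other than `<<"JWT">>` while the `typ` check is not configured matches none of the clauses visible in this hunk: `{undefined, undefined}` and `{_, <<"JWT">>}` miss, and the remaining clauses require `true`. Unless a catch-all follows outside the hunk (the end of the `case` is not shown), the result is a `case_clause` error rather than the `bad_request` used elsewhere. Changing the last clause to `{_, _} ->` would reject such tokens with the intended message. The `validate_iat` hunk has the same shape: a non-integer `iat` with no `iat` check reaches `{true, _}` and misses it.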
@@ -156,13 +174,12 @@ validate_alg(Props, Checks) ->
Required = prop(alg, Checks),
Alg = prop(<<"alg">>, Props),
case {Required, Alg} of
- {undefined, _} ->
+ {undefined, undefined} ->
ok;
- {Required, undefined} when Required /= undefined ->
+ {true, undefined} ->
throw({bad_request, <<"Missing alg header parameter">>});
- {Required, Alg} when Required == true; is_list(Required) ->
- AllowedAlg = if Required == true -> true; true -> lists:member(Alg, Required) end,
- case AllowedAlg andalso lists:member(Alg, valid_algorithms()) of
+ {_, Alg} ->
+ case lists:member(Alg, valid_algorithms()) of
true ->
ok;
false ->
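Review bot: The new `{_, Alg}` clause no longer consults a list-valued `alg` check: the removed code required `lists:member(Alg, Required)` when `Required` was a list, while the new code tests only `valid_algorithms()`. If callers still pass `{alg, [...]}` to pin the accepted algorithms, a token using any other supported algorithm now passes this function, unless the restriction is enforced elsewhere (for example in `key/3`, which is not visible here). To keep the allow-list, add a clause before the wildcard, such as `{Allowed, Alg} when is_list(Allowed) ->` with the test `lists:member(Alg, Allowed) andalso lists:member(Alg, valid_algorithms())`. The end of the `case` is outside the hunk.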
@@ -185,9 +202,9 @@ validate_iss(Props, Checks) ->
ActualISS = prop(<<"iss">>, Props),
case {ExpectedISS, ActualISS} of
- {undefined, _} ->
+ {undefined, undefined} ->
ok;
- {_ISS, undefined} ->
+ {ISS, undefined} when ISS /= undefined ->
throw({bad_request, <<"Missing iss claim">>});
{ISS, ISS} ->
ok;
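Review bot: The guard in `{ISS, undefined} when ISS /= undefined` is redundant, because `{undefined, undefined}` is already consumed by the first clause; `{_ISS, undefined}` behaves identically and is easier to read. Also note that a token presenting `iss` when no issuer is configured now skips the first clause and is decided by the clauses after `{ISS, ISS}`, which are outside this hunk. If that rejection is intended, a short comment such as `%% an iss claim is rejected unless an expected issuer is configured` would record it.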
@@ -201,11 +218,11 @@ validate_iat(Props, Checks) ->
IAT = prop(<<"iat">>, Props),
case {Required, IAT} of
- {undefined, _} ->
+ {undefined, undefined} ->
ok;
{true, undefined} ->
throw({bad_request, <<"Missing iat claim">>});
- {true, IAT} when is_integer(IAT) ->
+ {_, IAT} when is_integer(IAT) ->
ok;
{true, _} ->
throw({bad_request, <<"Invalid iat claim">>})
@@ -217,11 +234,11 @@ validate_nbf(Props, Checks) ->
NBF = prop(<<"nbf">>, Props),
case {Required, NBF} of
- {undefined, _} ->
+ {undefined, undefined} ->
ok;
{true, undefined} ->
throw({bad_request, <<"Missing nbf claim">>});
- {true, IAT} ->
+ {_, IAT} ->
assert_past(<<"nbf">>, IAT)
end.
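Review bot: `{_, IAT} -> assert_past(<<"nbf">>, IAT)` passes whatever the token supplied straight to `assert_past/2` with no type check, whereas `validate_iat` guards with `is_integer/1`. `assert_past/2` and `assert_future/2` are not visible here, but if they use plain `<` or `>` comparisons, Erlang's term order ranks any binary or list above every number, so a non-numeric `exp` would compare as "in the future". Suggest `{_, NBF} when is_integer(NBF) -> assert_past(<<"nbf">>, NBF);` followed by `{_, _} -> throw({bad_request, <<"Invalid nbf claim">>})`. Apply the same change to `{_, EXP}` in the `validate_exp` hunk. Renaming the variable from `IAT` to `NBF` also removes a misleading name.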
@@ -231,11 +248,11 @@ validate_exp(Props, Checks) ->
EXP = prop(<<"exp">>, Props),
case {Required, EXP} of
- {undefined, _} ->
+ {undefined, undefined} ->
ok;
{true, undefined} ->
throw({bad_request, <<"Missing exp claim">>});
- {true, EXP} ->
+ {_, EXP} ->
assert_future(<<"exp">>, EXP)
end.