
Commit 5dacb00

committed
disable audience validation
1 parent bafbcb9 commit 5dacb00


1 file changed

+29
-1
lines changed


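--- a/src/app/jwt_decoder.rs
+++ b/src/app/jwt_decoder.rs
@@ -187,11 +187,12 @@ pub fn print_decoded_token(token: &TokenData<Payload>, json: bool) {
 fn decode_token(
 arguments: &DecodeArgs,
 ) -> (JWTResult<TokenData<Payload>>, JWTResult<TokenData<Payload>>) {
-let mut insecure_validator = Validation::new(Algorithm::HS256);
+let mut insecure_validator = Validation::new(Algorithm::RS256);
 // disable signature validation as its not needed for just decoding
 insecure_validator.insecure_disable_signature_validation();
 insecure_validator.required_spec_claims = HashSet::new();
 insecure_validator.validate_exp = false;
+insecure_validator.validate_aud = false;
 let insecure_decoding_key = DecodingKey::from_secret("".as_ref());
 
 let decode_only = decode::<Payload>(&arguments.jwt, &insecure_decoding_key, &insecure_validator)
@@ -317,6 +318,33 @@ mod tests {
 );
 }
 
+#[test]
+fn test_decode_token_with_valid_jwt_and_secret_rs256() {
+let secret_file_name = "./test_data/test_ecdsa_public.pem";
+
+let args = DecodeArgs {
+jwt: String::from("eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkRGbzcxemxOdV9vLTkxOFJIN0lIVyJ9.eyJodHRwczovL3d3dy5qaGlwc3Rlci50ZWNoL3JvbGVzIjpbIkFkbWluaXN0cmF0b3IiLCJST0xFX0FETUlOIiwiUk9MRV9VU0VSIl0sImlzcyI6Imh0dHBzOi8vZGV2LTA2YnpzMWN1LnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw2MWJjYmM3NmY2NGQ0YTAwNzJhZjhhMWQiLCJhdWQiOlsiaHR0cHM6Ly9kZXYtMDZienMxY3UudXMuYXV0aDAuY29tL2FwaS92Mi8iLCJodHRwczovL2Rldi0wNmJ6czFjdS51cy5hdXRoMC5jb20vdXNlcmluZm8iXSwiaWF0IjoxNzA1MDAyMDQxLCJleHAiOjE3MDUwODg0NDEsImF6cCI6IjFmbTdJMUdHRXRNZlRabW5vdFV1azVVT3gyWm10NnR0Iiwic2NvcGUiOiJvcGVuaWQifQ.eWdbVEolnmqqyx_Z5rR-09H3kg06EaokYoAAdrqLmB6FHwZbbyZrPaHImmEnY8BSRM42FpE9NZehqVAeQ5VQhOVdMMklCQSA5h13oQbKn6ciuc9Etyq2jg4sk2lOEkSmw4e_hWUGjkXnzP_J84o9-2qpN7VKNTGEvtk3mdQYXxwoeD8RvQjYJq6LsKIKA0biEyGWZxIpK1LCAFH1dmo5ZMpTeNGIwnUBdOxkL4jbKe26e9t7TDO0EtFjXmq-C218bbr1AgFN2eyj6n-3kNy9XfRcnfIlyXWJ0ZvcDVa9UoaTGP9Wdo0Ze3q2IrcgYrP7zTeZia5O2tejkaNknKNnwA"),
+secret: format!("@{}", secret_file_name),
+time_format_utc: false,
+ignore_exp: true,
+};
+
+let (decode_only, verified_token_data) = decode_token(&args);
+
+assert!(decode_only.is_ok());
+assert!(verified_token_data.is_ok());
+
+let decode_only_token = decode_only.unwrap();
+let verified_token_data = verified_token_data.unwrap();
+
+assert_eq!(decode_only_token.header.alg, Algorithm::ES384);
+assert_eq!(verified_token_data.header.alg, Algorithm::ES384);
+assert_eq!(
+format!("{:?}", decode_only_token.claims.0.get("name").unwrap()),
+"String(\"John Doe\")"
+);
+}
+
 #[test]
 fn test_decode_token_with_valid_jwt_and_secret_es384_pem() {
 let secret_file_name = "./test_data/test_ecdsa_public.pem";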
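Review bot: The new test `test_decode_token_with_valid_jwt_and_secret_rs256` passes a token whose header segment decodes to `alg: RS256`, yet it loads `./test_data/test_ecdsa_public.pem` and asserts `Algorithm::ES384` and a `name` claim of `John Doe`, all of which look copied from the ES384 test that follows it. An RS256 signature should not verify against an ECDSA public key, so `assert!(verified_token_data.is_ok())` is expected to fail; if it ever passed, that would suggest the verifying path (outside this hunk) is not enforcing the key family. The payload segment does not appear to carry a `name` claim either, so `get("name").unwrap()` would panic. Point `secret_file_name` at the matching RSA public key (`<path to RSA public key PEM>`), change both header checks to `assert_eq!(decode_only_token.header.alg, Algorithm::RS256);`, and assert on a claim the token actually has, such as `iss`. The fixture also looks like a tenant-issued access token carrying administrative roles; a token generated locally with a throwaway test key would keep real tenant and subject identifiers out of the repository.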
