Extract claims validation into class

jwt · excpt · Jan 26, 2019 · Jan 22, 2019 · Jan 22, 2019 · Jan 26, 2019
commit b2315c854274c1e00e2cb86fcee9dec2212b892e
diff --git a/lib/jwt/claims_validator.rb b/lib/jwt/claims_validator.rb
@@ -0,0 +1,31 @@
+require_relative './error'
+
+module JWT
+  class ClaimsValidator
+    INTEGER_CLAIMS = %i[
+      exp
+    ]
+
+    def initialize(payload)
+      @payload = payload.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
+    end
+
+    def validate!
+      validate_int_claims
+
+      true
+    end
+
+    private
+
+    def validate_int_claims
+      INTEGER_CLAIMS.each do |claim|
+        validate_is_int(claim) if @payload.key?(claim)
+      end
+    end
+
+    def validate_is_int(claim)
+      raise InvalidPayload, "#{claim} claim must be an integer" unless @payload[:exp].is_a?(Integer)
+    end
+  end
+end
diff --git a/lib/jwt/encode.rb b/lib/jwt/encode.rb
@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
+require_relative './claims_validator'
+
 # JWT::Encode module
 module JWT
   # Encoding logic for JWT
   class Encode
     ALG_NONE = 'none'.freeze
     ALG_KEY  = 'alg'.freeze
-    EXP_KEY  = 'exp'.freeze
-    EXP_KEYS = [EXP_KEY, EXP_KEY.to_sym].freeze
 
     def initialize(options)
       @payload   = options[:payload]
@@ -22,18 +22,6 @@ def segments
 
     private
 
-    def validate_payload!
-      return unless @payload && @payload.is_a?(Hash)
-
-      validate_exp!
-    end
-
-    def validate_exp!
-      return if EXP_KEYS.all? { |key| !@payload.key?(key) || @payload[key].is_a?(Integer) }
-
-      raise InvalidPayload, 'exp claim must be an integer'
-    end
-
     def encoded_header
       @encoded_header ||= encode_header
     end
@@ -55,7 +43,10 @@ def encode_header
     end
 
     def encode_payload
-      validate_payload!
+      if @payload && @payload.is_a?(Hash)
+        ClaimsValidator.new(@payload).validate!
+      end
+
       encode(@payload)
     end
 

diff --git a/spec/jwt/claims_validator_spec.rb b/spec/jwt/claims_validator_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+require 'jwt/claims_validator'
+
+RSpec.describe JWT::ClaimsValidator do
+  describe '#validate!' do
+    it 'returns true if the payload is valid' do
+      valid_payload = { 'exp' => 12345 }
+      subject = described_class.new(valid_payload)
+
+      expect(subject.validate!).to eq(true)
+    end
+
+    context "exp validation" do
+      it 'raises an error when the value of the exp claim is a string' do
+        subject = described_class.new({ exp: '1' })
+        expect { subject.validate! }.to raise_error JWT::InvalidPayload
+      end
+
+      it 'raises an error when the value of the exp claim is a Time object' do
+        subject = described_class.new({ exp: Time.now })
+        expect { subject.validate! }.to raise_error JWT::InvalidPayload
+      end
+
+      it 'validates the exp when the exp key is either a string or a symbol' do
+        symbol = described_class.new({ exp: true })
+        expect { symbol.validate! }.to raise_error JWT::InvalidPayload
+
+        string = described_class.new({ 'exp' => true })
+        expect { string.validate! }.to raise_error JWT::InvalidPayload
+      end
+    end
+  end
+end