ref #20 move invalid JWT check to following if block

w/r/t/ 4173fda - failure to parse a JWT would result in there being no $auth_code_payload so even though we were trying to return from a catch block, which would never work, the following if block would return the thing we *were* trying to return from the catch block had we got to that point bump VERSION and Changes for CPAN release
payprop · Dec 1, 2018 · c9aa6ba · c9aa6ba
1 parent 26f22d3
commit c9aa6ba
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 7 deletions.
diff --git a/Changes b/Changes
@@ -1,10 +1,13 @@
 Revision history for Net-OAuth2-AuthorizationServer
 
+0.19     2018-12-01
+        - Avoid returning from the try/catch block as this never works
+          (GH #20, GH #21, thanks to Dylan William Hardison)
+
 0.18     2018-05-17
         - Fix a couple of typos and path issues revealed by Debian package
           built linter (GH #18, GH #17, with thanks to Mirko Tietge)
 
-
 0.17     2018-04-16
         - Handle inconsistencies between various grant types and the return
           data from ->verify_token_and_scope sometimes returning a hash ref

diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ Authorization Server
 
 # VERSION
 
-0.18
+0.19
 
 # SYNOPSIS
 
@@ -78,6 +78,8 @@ Ian Sillitoe - [https://github.com/sillitoe](https://github.com/sillitoe)
 
 Mirko Tietgen - [mirko@abunchofthings.net](https://metacpan.org/pod/mirko@abunchofthings.net)
 
+Dylan William Hardison - [dylan@hardison.net](https://metacpan.org/pod/dylan@hardison.net)
+
 # LICENSE
 
 This library is free software; you can redistribute it and/or modify it under

diff --git a/lib/Net/OAuth2/AuthorizationServer.pm b/lib/Net/OAuth2/AuthorizationServer.pm
@@ -11,7 +11,7 @@ Authorization Server
 
 =head1 VERSION
 
-0.18
+0.19
 
 =head1 SYNOPSIS
 
@@ -45,7 +45,7 @@ use Net::OAuth2::AuthorizationServer::ImplicitGrant;
 use Net::OAuth2::AuthorizationServer::PasswordGrant;
 use Net::OAuth2::AuthorizationServer::ClientCredentialsGrant;
 
-our $VERSION = '0.18';
+our $VERSION = '0.19';
 
 =head1 GRANT TYPES
 
@@ -121,6 +121,8 @@ Ian Sillitoe - L<https://github.com/sillitoe>
 
 Mirko Tietgen - L<mirko@abunchofthings.net>
 
+Dylan William Hardison - L<dylan@hardison.net>
+
 =head1 LICENSE
 
 This library is free software; you can redistribute it and/or modify it under

diff --git a/lib/Net/OAuth2/AuthorizationServer/AuthorizationCodeGrant.pm b/lib/Net/OAuth2/AuthorizationServer/AuthorizationCodeGrant.pm
@@ -251,18 +251,17 @@ sub _verify_auth_code_jwt {
     return ( 0, 'invalid_grant' )
         if ( $client_secret ne $client->{ client_secret } );
 
-    my $auth_code_payload;
+    my ( $auth_code_payload,$invalid_jwt );
 
-    my $invalid_jwt;
     try {
         $auth_code_payload = Mojo::JWT->new( secret => $self->jwt_secret )->decode( $auth_code );
     }
     catch {
         $invalid_jwt = 1;
     };
-    return ( 0, 'invalid_grant' ) if $invalid_jwt;
 
     if (  !$auth_code_payload
+        or $invalid_jwt
         or $auth_code_payload->{ type } ne 'auth'
         or $auth_code_payload->{ client } ne $client_id
         or ( $uri && $auth_code_payload->{ aud } ne $uri ) )