refactor: Make internal validators throwing

kylef · kylef · commit a6574d510bc5 · 2016-12-02T02:39:26.000Z
diff --git a/Sources/Claims.swift b/Sources/Claims.swift
@@ -1,53 +1,48 @@
 import Foundation
 
-func validateClaims(_ payload:Payload, audience:String?, issuer:String?) -> InvalidToken? {
-  return validateIssuer(payload, issuer: issuer) ?? validateAudience(payload, audience: audience) ??
-    validateDate(payload, key: "exp", comparison: .orderedAscending, failure: .expiredSignature, decodeError: "Expiration time claim (exp) must be an integer") ??
-    validateDate(payload, key: "nbf", comparison: .orderedDescending, failure: .immatureSignature, decodeError: "Not before claim (nbf) must be an integer") ??
-    validateDate(payload, key: "iat", comparison: .orderedDescending, failure: .invalidIssuedAt, decodeError: "Issued at claim (iat) must be an integer")
+func validateClaims(_ payload:Payload, audience:String?, issuer:String?) throws {
+  try validateIssuer(payload, issuer: issuer)
+  try validateAudience(payload, audience: audience)
+  try validateDate(payload, key: "exp", comparison: .orderedAscending, failure: .expiredSignature, decodeError: "Expiration time claim (exp) must be an integer")
+  try validateDate(payload, key: "nbf", comparison: .orderedDescending, failure: .immatureSignature, decodeError: "Not before claim (nbf) must be an integer")
+  try validateDate(payload, key: "iat", comparison: .orderedDescending, failure: .invalidIssuedAt, decodeError: "Issued at claim (iat) must be an integer")
 }
 
-func validateAudience(_ payload:Payload, audience:String?) -> InvalidToken? {
+func validateAudience(_ payload:Payload, audience:String?) throws {
   if let audience = audience {
     if let aud = payload["aud"] as? [String] {
       if !aud.contains(audience) {
-        return .invalidAudience
+        throw InvalidToken.invalidAudience
       }
     } else if let aud = payload["aud"] as? String {
       if aud != audience {
-        return .invalidAudience
+        throw InvalidToken.invalidAudience
       }
     } else {
-      return .decodeError("Invalid audience claim, must be a string or an array of strings")
+      throw InvalidToken.decodeError("Invalid audience claim, must be a string or an array of strings")
     }
   }
-
-  return nil
 }
 
-func validateIssuer(_ payload:Payload, issuer:String?) -> InvalidToken? {
+func validateIssuer(_ payload:Payload, issuer:String?) throws {
   if let issuer = issuer {
     if let iss = payload["iss"] as? String {
       if iss != issuer {
-        return .invalidIssuer
+        throw InvalidToken.invalidIssuer
       }
     } else {
-      return .invalidIssuer
+      throw InvalidToken.invalidIssuer
     }
   }
-
-  return nil
 }
 
-func validateDate(_ payload:Payload, key:String, comparison:ComparisonResult, failure:InvalidToken, decodeError:String) -> InvalidToken? {
+func validateDate(_ payload:Payload, key:String, comparison:ComparisonResult, failure:InvalidToken, decodeError:String) throws {
   if let timestamp = payload[key] as? TimeInterval ?? (payload[key] as? NSString)?.doubleValue as TimeInterval? {
     let date = Date(timeIntervalSince1970: timestamp)
     if date.compare(Date()) == comparison {
-      return failure
+      throw failure
     }
   } else if payload[key] != nil {
-    return .decodeError(decodeError)
+    throw InvalidToken.decodeError(decodeError)
   }
-
-  return nil
 }
diff --git a/Sources/Decode.swift b/Sources/Decode.swift
@@ -51,9 +51,8 @@ public func decode(_ jwt:String, algorithms:[Algorithm], verify:Bool = true, aud
   switch load(jwt) {
   case let .success(header, payload, signature, signatureInput):
     if verify {
-      if let failure = validateClaims(payload, audience: audience, issuer: issuer) ?? verifySignature(algorithms, header: header, signingInput: signatureInput, signature: signature) {
-        throw failure
-      }
+      try validateClaims(payload, audience: audience, issuer: issuer)
+      try verifySignature(algorithms, header: header, signingInput: signatureInput, signature: signature)
     }
 
     return payload
@@ -115,17 +114,17 @@ func load(_ jwt:String) -> LoadResult {
 
 // MARK: Signature Verification
 
-func verifySignature(_ algorithms:[Algorithm], header:Payload, signingInput:String, signature:Data) -> InvalidToken? {
+func verifySignature(_ algorithms:[Algorithm], header:Payload, signingInput:String, signature:Data) throws {
   if let alg = header["alg"] as? String {
     let matchingAlgorithms = algorithms.filter { algorithm in  algorithm.description == alg }
     let results = matchingAlgorithms.map { algorithm in algorithm.verify(signingInput, signature: signature) }
     let successes = results.filter { $0 }
     if successes.count > 0 {
-      return nil
+      return
     }
 
-    return .invalidAlgorithm
+    throw InvalidToken.invalidAlgorithm
   }
 
-  return .decodeError("Missing Algorithm")
+  throw InvalidToken.decodeError("Missing Algorithm")
 }

Original file line number	Diff line number	Diff line change
`@@ -1,53 +1,48 @@`
`1`	`1`	`import Foundation`
`2`	`2`
`3`		`-func validateClaims(_ payload:Payload, audience:String?, issuer:String?) -> InvalidToken? {`
`4`		`- return validateIssuer(payload, issuer: issuer) ?? validateAudience(payload, audience: audience) ??`
`5`		`- validateDate(payload, key: "exp", comparison: .orderedAscending, failure: .expiredSignature, decodeError: "Expiration time claim (exp) must be an integer") ??`
`6`		`- validateDate(payload, key: "nbf", comparison: .orderedDescending, failure: .immatureSignature, decodeError: "Not before claim (nbf) must be an integer") ??`
`7`		`- validateDate(payload, key: "iat", comparison: .orderedDescending, failure: .invalidIssuedAt, decodeError: "Issued at claim (iat) must be an integer")`
	`3`	`+func validateClaims(_ payload:Payload, audience:String?, issuer:String?) throws {`
	`4`	`+ try validateIssuer(payload, issuer: issuer)`
	`5`	`+ try validateAudience(payload, audience: audience)`
	`6`	`+ try validateDate(payload, key: "exp", comparison: .orderedAscending, failure: .expiredSignature, decodeError: "Expiration time claim (exp) must be an integer")`
	`7`	`+ try validateDate(payload, key: "nbf", comparison: .orderedDescending, failure: .immatureSignature, decodeError: "Not before claim (nbf) must be an integer")`
	`8`	`+ try validateDate(payload, key: "iat", comparison: .orderedDescending, failure: .invalidIssuedAt, decodeError: "Issued at claim (iat) must be an integer")`
`8`	`9`	`}`
`9`	`10`
`10`		`-func validateAudience(_ payload:Payload, audience:String?) -> InvalidToken? {`
	`11`	`+func validateAudience(_ payload:Payload, audience:String?) throws {`
`11`	`12`	`if let audience = audience {`
`12`	`13`	`if let aud = payload["aud"] as? [String] {`
`13`	`14`	`if !aud.contains(audience) {`
`14`		`- return .invalidAudience`
	`15`	`+ throw InvalidToken.invalidAudience`
`15`	`16`	`}`
`16`	`17`	`} else if let aud = payload["aud"] as? String {`
`17`	`18`	`if aud != audience {`
`18`		`- return .invalidAudience`
	`19`	`+ throw InvalidToken.invalidAudience`
`19`	`20`	`}`
`20`	`21`	`} else {`
`21`		`- return .decodeError("Invalid audience claim, must be a string or an array of strings")`
	`22`	`+ throw InvalidToken.decodeError("Invalid audience claim, must be a string or an array of strings")`
`22`	`23`	`}`
`23`	`24`	`}`
`24`		`-`
`25`		`- return nil`
`26`	`25`	`}`
`27`	`26`
`28`		`-func validateIssuer(_ payload:Payload, issuer:String?) -> InvalidToken? {`
	`27`	`+func validateIssuer(_ payload:Payload, issuer:String?) throws {`
`29`	`28`	`if let issuer = issuer {`
`30`	`29`	`if let iss = payload["iss"] as? String {`
`31`	`30`	`if iss != issuer {`
`32`		`- return .invalidIssuer`
	`31`	`+ throw InvalidToken.invalidIssuer`
`33`	`32`	`}`
`34`	`33`	`} else {`
`35`		`- return .invalidIssuer`
	`34`	`+ throw InvalidToken.invalidIssuer`
`36`	`35`	`}`
`37`	`36`	`}`
`38`		`-`
`39`		`- return nil`
`40`	`37`	`}`
`41`	`38`
`42`		`-func validateDate(_ payload:Payload, key:String, comparison:ComparisonResult, failure:InvalidToken, decodeError:String) -> InvalidToken? {`
	`39`	`+func validateDate(_ payload:Payload, key:String, comparison:ComparisonResult, failure:InvalidToken, decodeError:String) throws {`
`43`	`40`	`if let timestamp = payload[key] as? TimeInterval ?? (payload[key] as? NSString)?.doubleValue as TimeInterval? {`
`44`	`41`	`let date = Date(timeIntervalSince1970: timestamp)`
`45`	`42`	`if date.compare(Date()) == comparison {`
`46`		`- return failure`
	`43`	`+ throw failure`
`47`	`44`	`}`
`48`	`45`	`} else if payload[key] != nil {`
`49`		`- return .decodeError(decodeError)`
	`46`	`+ throw InvalidToken.decodeError(decodeError)`
`50`	`47`	`}`
`51`		`-`
`52`		`- return nil`
`53`	`48`	`}`