Prevent none algorithm from being valid with a key configured

kylef · kylef · commit b26e118c8c21 · 2015-04-05T23:24:59.000+01:00
diff --git a/JSONWebToken.podspec b/JSONWebToken.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |spec|
   spec.name = 'JSONWebToken'
-  spec.version = '1.0.0'
+  spec.version = '1.0.1'
   spec.summary = 'Swift library for JSON Web Tokens (JWT).'
   spec.homepage = 'https://github.com/kylef/JSONWebToken.swift'
   spec.license = { :type => 'BSD', :file => 'LICENSE' }
diff --git a/JWT/JWT.swift b/JWT/JWT.swift
@@ -13,6 +13,9 @@ public enum Algorithm : Printable {
 
   static func algorithm(name:String, key:String?) -> Algorithm? {
     if name == "none" {
+      if let key = key {
+        return nil  // We don't allow nil when we configured a key
+      }
       return Algorithm.None
     } else if let key = key {
       if name == "HS256" {
diff --git a/JWTTests/JWTTests.swift b/JWTTests/JWTTests.swift
@@ -143,6 +143,11 @@ class JWTDecodeTests : XCTestCase {
       XCTAssertEqual(payload as NSDictionary, ["test": "ing"])
     }
   }
+
+  func testNoneFailsWithSecretAlgorithm() {
+    let jwt = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ0ZXN0IjoiaW5nIn0."
+    assertFailure(decode(jwt, key:"secret"))
+  }
 }
 
 // MARK: Helpers

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,11 @@ class JWTDecodeTests : XCTestCase {`
`143`	`143`	`XCTAssertEqual(payload as NSDictionary, ["test": "ing"])`
`144`	`144`	`}`
`145`	`145`	`}`
	`146`	`+`
	`147`	`+ func testNoneFailsWithSecretAlgorithm() {`
	`148`	`+ let jwt = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ0ZXN0IjoiaW5nIn0."`
	`149`	`+ assertFailure(decode(jwt, key:"secret"))`
	`150`	`+ }`
`146`	`151`	`}`
`147`	`152`
`148`	`153`	`// MARK: Helpers`