fixes

Author: DorianGray

jwt-0.3-1.rockspec renamed to jwt-0.3-2.rockspec

@@ -1,5 +1,5 @@
 package = "jwt"
-version = "0.3-1"
+version = "0.3-2"
 source = {
   url = "https://github.com/Olivine-Labs/lua-jwt/archive/v0.3.tar.gz",
   dir = "lua-jwt-0.3"

spec/jwt_spec.lua

@@ -1,6 +1,7 @@
 describe("JWT spec", function()
 
   local jwt = require 'jwt'
+  local crypto = require 'crypto'
   local plainJwt = "eyJhbGciOiJub25lIn0.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
 
   it("can decode a plain text token", function()
@@ -50,16 +51,6 @@ describe("JWT spec", function()
     assert.are.same(claims, decodedClaims)
   end)
 
-  it("it cannot decode a token without a signature but with a key specified", function()
-    local claims = {
-      test = "test",
-    }
-    local keyPair = crypto.pkey.generate("rsa", 512)
-    local token, err = jwt.encode(claims, {alg = "RS256"})
-    local decodedClaims = jwt.decode(token, {keys = {public = keyPair}})
-    assert.are.same(decodedClaims, nil)
-  end)
-
   it("it cannot encode/decode a signed plain text token with alg=RS256 and an incorrect key", function()
     local claims = {
       test = "test",
@@ -93,4 +84,32 @@ EQIDAQAB
     assert(not token)
     assert(err ~= nil)
   end)
+
+  it("can encode and decode rs256", function()
+    local keys = {
+      private = crypto.pkey.from_pem(
+[[-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBANfnFz7xPmYVdJxZE7sQ5quh/XUzB5y/D5z2A7KPYXUgUP0jd5yL
+Z7+pVBcFSUm5AZXJLXH4jPVOXztcmiu4ta0CAwEAAQJBAJYXWNmw7Cgbkk1+v3C0
+dyeqHYF0UD5vtHLxs/BWLPI2lZO0e6ixFNI4uIuatBox1Zbzt1TSy8T09Slt4tNL
+CAECIQD6PHDGtKXcI2wUSvh4y8y7XfvwlwRPU2AzWZ1zvOCbbQIhANzgMpUNOZL2
+vakju4sal1yZeXUWO8FurmsAyotAx9tBAiB2oQKh4PAkXZKWSDhlI9CqHtMaaq17
+Yb5geaKARNGCPQIgILYrh5ufzT4xtJ0QJ3fWtuYb8NVMIEeuGTbSyHDdqIECIQDZ
+3LNCyR2ykwetc6KqbQh3W4VkuatAQgMv5pNdFLrfmg==
+-----END RSA PRIVATE KEY-----]], true),
+      public = crypto.pkey.from_pem(
+[[-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANfnFz7xPmYVdJxZE7sQ5quh/XUzB5y/
+D5z2A7KPYXUgUP0jd5yLZ7+pVBcFSUm5AZXJLXH4jPVOXztcmiu4ta0CAwEAAQ==
+-----END PUBLIC KEY-----]], false),
+    }
+    local claims = {
+      test = "test",
+      longClaim = "iubvn1oubv91henvicuqnw93bn19u  ndij npkhabsdvlb23iou4bijbandlivubhql3ubvliuqwdbnvliuqwhv9ulqbhiulbiluabsdvuhbq9urbv9ubqubxuvbu9qbdshvuhqniuhv9uhbfq9uhr89hqu9ebnv9uqhu9rbvp9843$#BVCo²¸´no414i"
+    }
+    local token = jwt.encode(claims, {alg = "RS256", keys = keys})
+    local decodedClaims, err = jwt.decode(token, {keys = keys})
+    if not decodedClaims then error(err) end
+    assert.are.same(claims, decodedClaims)
+  end)
 end)

src/jwt.lua

@@ -45,17 +45,14 @@ function data.encode(claims, options)
   local header    = header(options)
   local token, err = jwt:encode(header, claims, options)
   if not token then return nil, err end
-  return token:gsub('+','-'):gsub('/','_'):gsub('=','')
+  return token
 end
 
 function data.decode(str, options)
   if not str then return nil, "Parameter 1 cannot be nil" end
   local dotFirst = str:find("%.")
   if not dotFirst then return nil, "Invalid token" end
   str = str:gsub('-','+'):gsub('_','/')
-  local mod = #str % 3
-  if mod == 1 then str = str..'='
-  elseif mod == 2 then str = str..'==' end
   local header = json.decode((basexx.from_base64(str:sub(1,dotFirst-1))))
 
   return getJwt(header):decode(header, str, options)

src/jwt/jws.lua

@@ -21,17 +21,17 @@ data.verify = {
   end,
 }
 
+local function urlSafe(base64)
+  return base64:gsub('+','-'):gsub('/','_'):gsub('=','')
+end
+
 function data:encode(header, claims, options)
   if not options then error("options are required") end
-  local claims    = json.encode(claims)
-  local envelope  = basexx.to_base64(json.encode(header)).."."..basexx.to_base64(claims)
-  local signature
-  if options.keys then
-    local err
-    signature, err = self.sign[header.alg](envelope, options.keys.private)
-    if not signature then return nil, err end
-  end
-  return envelope .. "." .. (signature and basexx.to_base64(signature) or "")
+  if not options.keys then error("keys are required") end
+  local envelope  = urlSafe(basexx.to_base64(json.encode(header)).."."..basexx.to_base64(json.encode(claims)))
+  local signature, err = self.sign[header.alg](envelope, options.keys.private)
+  if not signature then error('failed to generate signature') end
+  return envelope ..'.'..urlSafe(basexx.to_base64(signature))
 end
 
 function data:decode(header, str, options)
@@ -55,7 +55,7 @@ function data:decode(header, str, options)
 
   local message = basexx.from_base64(bodyStr)
   if signature then
-    if not self.verify[header.alg](rawHeader.."."..bodyStr, signature, options.keys.public) then
+    if not self.verify[header.alg](urlSafe(rawHeader).."."..urlSafe(bodyStr), signature, options.keys.public) then
       return nil, "Invalid token"
     end
   end