
Great, lib/jwt/decode.rb does not have any issues!

# frozen_string_literal: true
require 'json'
require 'jwt/signature'
require 'jwt/verify'
# JWT::Decode module
module JWT
  # Decoding logic for JWT
  class Decode
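    # Stores the token and the verification settings; nothing is decoded or
    # verified here.
    #
    # @param jwt [String] compact token; split on '.' into @segments
    # @param key [Object] verification key (verify_signature may replace it
    #   with the keyfinder's result or a key looked up from @options[:jwks])
    # @param verify [Boolean] when truthy, decode_segments verifies the
    #   signature and the claims
    # @param options [Hash] read later for the algorithm allow-list, :jwks and
    #   claim verification
    # @param keyfinder [Proc] optional block used by find_key to resolve the key
    # @raise [JWT::DecodeError] when jwt is nil (or false)
    def initialize(jwt, key, verify, options, &keyfinder)
      raise(JWT::DecodeError, 'Nil JSON web token') unless jwt

      @jwt = jwt
      @key = key
      @options = options
      # String#split drops trailing empty fields, so "h.p." yields two segments.
      @segments = jwt.split('.')
      @verify = verify
      @signature = ''
      @keyfinder = keyfinder
    end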
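    # Validates the token's shape, verifies it when requested, and returns its
    # parsed contents.
    #
    # When @verify is falsy neither the signature nor the claims are checked,
    # so the returned payload is unauthenticated data.
    #
    # @return [Array] two elements: [payload, header]
    # @raise [JWT::DecodeError] on a bad segment count, or when the parsed
    #   header or payload is nil/false
    def decode_segments
      validate_segment_count!
      if @verify
        decode_crypto
        verify_signature
        verify_claims
      end
      raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload

      [payload, header]
    end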
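    # Verifies the token's signature after checking its algorithm against the
    # caller's allow-list.
    #
    # header['alg'] and header['kid'] are read from the token and are therefore
    # controlled by whoever produced it. 'alg' reaches Signature.verify only
    # after it has matched an entry of allowed_algorithms, and an empty
    # allow-list is rejected outright.
    #
    # NOTE(review): whether @key's type is checked against the chosen algorithm
    # is decided inside Signature.verify, which is not visible here.
    #
    # @raise [JWT::IncorrectAlgorithm] when no algorithm is configured or the
    #   header's algorithm is not in the allow-list
    def verify_signature
      raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?

      # Key sources are applied in order, so a :jwks option overrides the
      # keyfinder's result, which in turn overrides the key given to the
      # constructor.
      @key = find_key(&@keyfinder) if @keyfinder
      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]

      Signature.verify(header['alg'], @key, signing_input, @signature)
    end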
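    # Tells whether the algorithm named in the token's header is on the
    # allow-list. Array#include? compares with ==, so the match is exact and
    # case-sensitive.
    #
    # @return [Boolean]
    def options_includes_algo_in_header?
      allowed_algorithms.include?(header['alg'])
    end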
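    # Builds the algorithm allow-list from @options.
    #
    # The first key present wins, in this order: 'algorithm', :algorithm,
    # 'algorithms', :algorithms. A singular value is wrapped in a one-element
    # array; a nil plural value becomes [].
    #
    # A nil singular value yields [nil], which is not empty?, so the
    # "algorithm must be specified" check in verify_signature does not fire for
    # it; callers should always pass a concrete algorithm name.
    #
    # @return [Array] the allowed algorithm names
    def allowed_algorithms
      # Order is very important - first check for string keys, next for symbols
      if @options.key?('algorithm')
        [@options['algorithm']]
      elsif @options.key?(:algorithm)
        [@options[:algorithm]]
      elsif @options.key?('algorithms')
        @options['algorithms'] || []
      elsif @options.key?(:algorithms)
        @options[:algorithms] || []
      else
        # NOTE(review): the listing omits the lines that follow the last elsif
        # in the file. This empty-list fallback is inferred from the callers,
        # which invoke .empty? and .include? on the result; confirm it against
        # the repository.
        []
      end
    end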
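    # Asks the caller-supplied block for the verification key.
    #
    # The block receives the parsed header (and the payload, when it takes two
    # arguments). verify_signature calls this before Signature.verify, so both
    # values are still unauthenticated at this point; the block should use them
    # only to select a key, not as trusted claims.
    #
    # @raise [JWT::DecodeError] when the block returns nil or false
    def find_key(&keyfinder)
      key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header))
      raise JWT::DecodeError, 'No verification key available' unless key

      # NOTE(review): the listing omits the line that follows the raise in the
      # file. Returning the key is inferred from verify_signature assigning
      # this method's result to @key; confirm it against the repository.
      key
    end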
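    # Hands the parsed payload and the caller's options to Verify.verify_claims.
    # decode_segments calls this after verify_signature. Which claims are
    # checked is decided in Verify, which is not visible here.
    def verify_claims
      Verify.verify_claims(payload, @options)
    end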
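    # Rejects tokens with the wrong number of dot-separated segments.
    #
    # Three segments are always accepted. Two segments are accepted only when
    # verification is off or the header names the 'none' algorithm. This
    # exemption concerns the segment count alone: with @verify set,
    # decode_segments still runs verify_signature, which requires 'none' to be
    # on the caller's allow-list.
    #
    # @raise [JWT::DecodeError] for any other segment count
    def validate_segment_count!
      return if segment_length == 3
      return if !@verify && segment_length == 2 # If no verifying required, the signature is not needed
      return if segment_length == 2 && header['alg'] == 'none'

      raise(JWT::DecodeError, 'Not enough or too many segments')
    end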
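    # @return [Integer] number of dot-separated segments found in the token
    def segment_length
      @segments.count
    end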
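    # Decodes the third segment (the signature) with JWT::Base64.url_decode
    # and stores it in @signature. A missing third segment is decoded as an
    # empty string.
    def decode_crypto
      @signature = JWT::Base64.url_decode(@segments[2] || '')
    end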
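    # Parsed first segment, memoized in @header. The value comes straight from
    # the token and is unauthenticated until verify_signature has succeeded.
    # A nil or false parse result is not cached and is parsed again on the
    # next call.
    def header
      @header ||= parse_and_decode(@segments[0])
    end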
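    # Parsed second segment, memoized in @payload. The value comes straight
    # from the token and is unauthenticated until verify_signature has
    # succeeded. A nil or false parse result is not cached and is parsed again
    # on the next call.
    def payload
      @payload ||= parse_and_decode(@segments[1])
    end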
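    # The data the signature is checked against: the first two segments exactly
    # as received, joined by '.'. Using the raw segments rather than
    # re-encoding the parsed header and payload keeps the check on the text
    # that was actually received.
    #
    # @return [String]
    def signing_input
      @segments.first(2).join('.')
    end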
    def parse_and_decode(segment)
      JWT::JSON.parse(JWT::Base64.url_decode(segment))
    rescue ::JSON::ParserError
      raise JWT::DecodeError, 'Invalid segment encoding'