Great, lib/jwt/verify.rb does not have any issues!

# frozen_string_literal: true
require 'jwt/error'
module JWT
  # JWT verify methods
  class Verify
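    # Baseline options; #initialize merges the caller's options over these.
    # :leeway is the clock-skew allowance, in seconds, that the exp and nbf
    # checks fall back to when no claim-specific leeway is given. 0 means no
    # tolerance. Frozen so the shared defaults cannot be mutated at runtime.
    DEFAULTS = {
      leeway: 0
    }.freeze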
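    class << self
      # Class-level shortcut for every claim check: builds a verifier for the
      # given payload/options and runs the instance method of the same name.
      # The names come from this fixed literal list, never from input.
      %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub].each do |method_name|
        define_method method_name do |payload, options|
          new(payload, options).send(method_name)
        end
      end

      # Runs every claim check the caller switched on in +options+.
      #
      # Each option whose name contains "verify" and whose value is truthy is
      # dispatched to the class-level method of the same name. The method name
      # is taken from the option key, so +options+ has to be assembled by the
      # application itself and never from token contents or request input.
      #
      # @param payload [Hash] decoded claims, read by string key
      # @param options [Hash] verification switches and expected values
      # @return [Hash] +options+ (the result of Hash#each)
      # @raise [NoMethodError] when an enabled key names no public method;
      #   errors raised by the individual checks propagate unchanged
      def verify_claims(payload, options)
        options.each do |key, val|
          next unless key.to_s =~ /verify/

          # public_send keeps this key-driven dispatch inside the public API;
          # plain send would also reach private methods.
          Verify.public_send(key, payload, options) if val
        end
      end
    end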
    # Builds a verifier for one decoded payload.
    #
    # @param payload [Hash] claims to check, read by string key ('exp', 'aud', ...)
    # @param options [Hash] caller settings; any key given here overrides DEFAULTS
    def initialize(payload, options)
      @options = DEFAULTS.merge(options)
      @payload = payload
    end
    # Checks the 'aud' claim against the audience(s) the caller expects.
    #
    # The claim and the expected value are each treated as a list; the check
    # passes when they share at least one entry. When options[:aud] is unset
    # the method returns without checking anything, so switching verify_aud
    # on without supplying :aud enforces no audience at all.
    #
    # @return [nil]
    # @raise [JWT::InvalidAudError] when no expected audience is in the claim
    def verify_aud
      expected = @options[:aud]
      return unless expected

      claimed = @payload['aud']
      return unless ([*claimed] & [*expected]).empty?

      raise(JWT::InvalidAudError, "Invalid audience. Expected #{expected}, received #{claimed || '<none>'}")
    end
    # Rejects a payload whose 'exp' time has passed.
    #
    # A payload with no 'exp' key is not checked, so a token issued without
    # the claim never expires as far as this method is concerned. The claim
    # is coerced with to_i; a value that coerces to 0 (nil, a non-numeric
    # string) therefore counts as expired. The leeway extends acceptance by
    # that many seconds past 'exp'.
    #
    # @return [nil]
    # @raise [JWT::ExpiredSignature] when exp <= now - leeway
    def verify_expiration
      return unless @payload.include?('exp')

      expires_at = @payload['exp'].to_i
      cutoff = Time.now.to_i - exp_leeway
      raise(JWT::ExpiredSignature, 'Signature has expired') if expires_at <= cutoff
    end
    # Rejects an 'iat' claim that is not a number or lies in the future.
    #
    # A payload with no 'iat' key is not checked. No leeway is applied here:
    # an issue time even slightly ahead of this host's clock is refused.
    #
    # @return [nil]
    # @raise [JWT::InvalidIatError] for a non-numeric or future 'iat'
    def verify_iat
      return unless @payload.include?('iat')

      issued_at = @payload['iat']
      raise(JWT::InvalidIatError, 'Invalid iat') unless issued_at.is_a?(Numeric)
      raise(JWT::InvalidIatError, 'Invalid iat') if issued_at.to_f > Time.now.to_f
    end
    # Checks the 'iss' claim against the issuer(s) the caller expects.
    #
    # options[:iss] may be a single value or a list; both sides are compared
    # by their string form. When options[:iss] is unset the method returns
    # without checking anything, so switching verify_iss on without supplying
    # :iss enforces no issuer.
    #
    # @return [nil]
    # @raise [JWT::InvalidIssuerError] when the claim matches no expected issuer
    def verify_iss
      expected = @options[:iss]
      return unless expected

      issuer = @payload['iss']
      accepted = Array(expected).map(&:to_s)
      return if accepted.include?(issuer.to_s)

      raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{expected}, received #{issuer || '<none>'}")
    end
    # Validates the 'jti' claim.
    #
    # When options[:verify_jti] responds to #call it decides the outcome: it
    # receives the jti (and the whole payload if its arity is exactly 2) and
    # must return a truthy value. Otherwise the only requirement is that the
    # claim is present and not blank. Nothing here tracks identifiers that
    # were seen before, so detecting a reused jti is left to the callable.
    #
    # @return [nil]
    # @raise [JWT::InvalidJtiError] when the callable rejects the jti, or the
    #   jti is missing or blank and no callable was supplied
    def verify_jti
      validator = @options[:verify_jti]
      token_id = @payload['jti']

      unless validator.respond_to?(:call)
        raise(JWT::InvalidJtiError, 'Missing jti') if token_id.to_s.strip.empty?

        return
      end

      call_args = validator.arity == 2 ? [token_id, @payload] : [token_id]
      raise(JWT::InvalidJtiError, 'Invalid jti') unless validator.call(*call_args)
    end
    # Rejects a payload whose 'nbf' time has not been reached yet.
    #
    # A payload with no 'nbf' key is not checked. The claim is coerced with
    # to_i, so a value that coerces to 0 (nil, a non-numeric string) compares
    # as a time far in the past and passes; callers that need strict typing
    # have to validate the claim themselves. The leeway accepts a token that
    # many seconds before its 'nbf'.
    #
    # @return [nil]
    # @raise [JWT::ImmatureSignature] when nbf > now + leeway
    def verify_not_before
      return unless @payload.include?('nbf')

      valid_from = @payload['nbf'].to_i
      latest_allowed = Time.now.to_i + nbf_leeway
      raise(JWT::ImmatureSignature, 'Signature nbf has not been reached') if valid_from > latest_allowed
    end
    # Checks the 'sub' claim against the subject the caller expects.
    #
    # Both sides are compared by their string form. When options[:sub] is
    # unset the method returns without checking anything, so switching
    # verify_sub on without supplying :sub enforces no subject.
    #
    # @return [nil]
    # @raise [JWT::InvalidSubError] when the claim differs from the expected subject
    def verify_sub
      expected = @options[:sub]
      return unless expected

      subject = @payload['sub']
      return if subject.to_s == expected.to_s

      raise(JWT::InvalidSubError, "Invalid subject. Expected #{expected}, received #{subject || '<none>'}")
    end
    # Leeway used by any time check that has no claim-specific setting.
    #
    # @return [Object] the value stored under :leeway in the merged options
    def global_leeway
      shared = @options[:leeway]
      shared
    end
    # Leeway for the 'exp' check: options[:exp_leeway] when it is set,
    # otherwise the global leeway. Only nil or false trigger the fallback,
    # so an explicit 0 is honoured.
    def exp_leeway
      specific = @options[:exp_leeway]
      specific || global_leeway
    end
    # Leeway for the 'nbf' check: options[:nbf_leeway] when it is set,
    # otherwise the global leeway. Only nil or false trigger the fallback,
    # so an explicit 0 is honoured.
    def nbf_leeway
      specific = @options[:nbf_leeway]
      specific || global_leeway
    end