Add JWTSigner.unsecuredNone (#79)

* Allow empty signature When encoding an Unsecured JWT with the "none" algorithm, the encoded signature is the empty string. * Add JWTSigner.unsecuredNone * Test that signature is empty when using `.unsecuredNone` * Add decoding test for the "none" algorithm
vapor · Aug 2, 2022 · 87ce13a · 87ce13a
1 parent aa7d9cd
commit 87ce13a
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 1 deletion.
diff --git a/Sources/JWTKit/JWTParser.swift b/Sources/JWTKit/JWTParser.swift
@@ -8,7 +8,8 @@ struct JWTParser {
     init<Token>(token: Token) throws
         where Token: DataProtocol
     {
-        let tokenParts = token.copyBytes().split(separator: .period)
+        let tokenParts = token.copyBytes()
+            .split(separator: .period, omittingEmptySubsequences: false)
         guard tokenParts.count == 3 else {
             throw JWTError.malformedToken
         }

diff --git a/Sources/JWTKit/None/JWTSigner+UnsecuredNone.swift b/Sources/JWTKit/None/JWTSigner+UnsecuredNone.swift
@@ -0,0 +1,3 @@
+extension JWTSigner {
+    public static let unsecuredNone: JWTSigner = .init(algorithm: UnsecuredNoneSigner())
+}
diff --git a/Sources/JWTKit/None/UnsecuredNoneSigner.swift b/Sources/JWTKit/None/UnsecuredNoneSigner.swift
@@ -0,0 +1,19 @@
+import Foundation
+
+internal struct UnsecuredNoneSigner: JWTAlgorithm {
+    var name: String {
+        "none"
+    }
+
+    func sign<Plaintext>(_ plaintext: Plaintext) throws -> [UInt8]
+        where Plaintext: DataProtocol
+    {
+        []
+    }
+
+    func verify<Signature, Plaintext>(_ signature: Signature, signs plaintext: Plaintext) throws -> Bool
+        where Signature: DataProtocol, Plaintext: DataProtocol
+    {
+        signature.isEmpty
+    }
+}
diff --git a/Tests/JWTKitTests/JWTKitTests.swift b/Tests/JWTKitTests/JWTKitTests.swift
@@ -148,6 +148,22 @@ class JWTKitTests: XCTestCase {
         let payload = try signers.verify(data, as: TestPayload.self)
         XCTAssertEqual(payload.name, "John Doe")
     }
+
+    func testUnsecuredNone() throws {
+        let data =
+            "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOjIwMDAwMDAwMDAsImFkbWluIjpmYWxzZSwibmFtZSI6IkZvbyIsInN1YiI6InZhcG9yIn0."
+        let payload = TestPayload(
+            sub: "vapor",
+            name: "Foo",
+            admin: false,
+            exp: .init(value: .init(timeIntervalSince1970: 2_000_000_000))
+        )
+        let signer = JWTSigner.unsecuredNone
+        let token = try signer.sign(payload)
+        try XCTAssertEqual(signer.verify(token.bytes, as: TestPayload.self), payload)
+        try XCTAssertEqual(signer.verify(data.bytes, as: TestPayload.self), payload)
+        XCTAssertTrue(token.hasSuffix("."))
+    }
 
     func testRSA() throws {
         let privateSigner = try JWTSigner.rs256(key: .private(pem: rsaPrivateKey.bytes))