support decoding unvalidated jwts

* upgrade jsonwebtoken to 4 * use dangerous_unsafe_decode instead of decode
mike-engel · Apr 18, 2018 · 81afa3d · 81afa3d
1 parent 0587819
commit 81afa3d
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 34 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -10,7 +10,7 @@ test = true
 
 [dependencies]
 clap = "2"
-jsonwebtoken = "2"
+jsonwebtoken = "4"
 term-painter = "0.2"
 serde = "1"
 serde_derive = "1"

diff --git a/src/main.rs b/src/main.rs
@@ -11,7 +11,7 @@ extern crate term_painter;
 
 use chrono::{Duration, Utc};
 use clap::{App, Arg, ArgMatches, SubCommand};
-use jwt::{Algorithm, decode, encode, Header, TokenData, Validation};
+use jwt::{Algorithm, decode, dangerous_unsafe_decode, encode, Header, TokenData, Validation};
 use jwt::errors::{Error, ErrorKind, Result as JWTResult};
 use serde_json::{from_str, to_string_pretty, Value};
 use std::collections::BTreeMap;
@@ -287,15 +287,15 @@ fn create_validations(alg: Algorithm, secret: &[u8]) -> (Validation, Validation)
  (
  Validation {
  leeway: 1000,
- algorithms: Some(vec![alg]),
- validate_signature: secret.len() > 0,
+ algorithms: vec![alg],
+ // validate_signature: secret.len() > 0,
  ..Default::default()
  },
  Validation {
  validate_exp: false,
  validate_iat: false,
  validate_nbf: false,
- validate_signature: false,
+ // validate_signature: false,
  ..Default::default()
  },
  )
@@ -342,8 +342,8 @@ fn decode_token(matches: &ArgMatches) -> (JWTResult<TokenData<Payload>>, TokenDa
  let (secret_validator, decode_validator) = create_validations(algorithm, &secret);
 
  (
- decode::<Payload>(&jwt, secret.as_ref(), &secret_validator),
- decode::<Payload>(&jwt, secret.as_ref(), &decode_validator).unwrap(),
+ dangerous_unsafe_decode::<Payload>(&jwt),
+ dangerous_unsafe_decode::<Payload>(&jwt).unwrap(),
  )
 }