diff --git a/src/LitJWT/JwtDecoder.cs b/src/LitJWT/JwtDecoder.cs index fdbed5a..3e06905 100644 --- a/src/LitJWT/JwtDecoder.cs +++ b/src/LitJWT/JwtDecoder.cs @@ -215,9 +215,7 @@ public DecodeResult TryDecode(ReadOnlySpan utf8token, PayloadParser var reader = new System.Text.Json.Utf8JsonReader(decodedPayload); while (reader.Read()) { - if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - - if (reader.TokenType == JsonTokenType.PropertyName) + if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) { @@ -358,9 +356,7 @@ public DecodeResult TryDecode(ReadOnlySpan token, PayloadParser payl var reader = new System.Text.Json.Utf8JsonReader(decodedPayload); while (reader.Read()) { - if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - - if (reader.TokenType == JsonTokenType.PropertyName) + if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) { @@ -514,9 +510,7 @@ DecodeResult TryDecodeCore(ReadOnlySpan utf8token, InternalPayloadParse var reader = new System.Text.Json.Utf8JsonReader(decodedPayload); while (reader.Read()) { - if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - - if (reader.TokenType == JsonTokenType.PropertyName) + if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) { @@ -652,9 +646,7 @@ DecodeResult TryDecodeCore(ReadOnlySpan token, InternalPayloadParser var reader = new System.Text.Json.Utf8JsonReader(decodedPayload); while (reader.Read()) { - if (reader.TokenType == System.Text.Json.JsonTokenType.EndObject) break; - - if (reader.TokenType == JsonTokenType.PropertyName) + if (reader.CurrentDepth == 1 && reader.TokenType == JsonTokenType.PropertyName) { if (reader.ValueTextEquals(JwtConstantsUtf8.Expiration)) { 
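Review bot: The `reader.CurrentDepth == 1` guard carries the security meaning of this change but has no comment in any of the four copies of the loop (both `TryDecode` overloads and both `TryDecodeCore` overloads). I would add above the condition `// Only root-level exp/nbf are registered claims: a nested object must neither end the scan nor supply these values.` Because the identical scan is repeated four times, moving it into one private helper would keep a future fix from reaching only some of the copies. With the `EndObject` break removed the reader now walks to the end of `decodedPayload`, so it is worth confirming how a `JsonException` from `reader.Read()` on trailing or malformed bytes is surfaced to callers of a `Try…` method; the loop bodies continue outside the hunks, so that handling is not visible here.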
diff --git a/tests/LitJWT.Tests/DecodeTest.cs b/tests/LitJWT.Tests/DecodeTest.cs index 5e595ab..5ac50e5 100644 --- a/tests/LitJWT.Tests/DecodeTest.cs +++ b/tests/LitJWT.Tests/DecodeTest.cs @@ -22,12 +22,14 @@ public class PayloadNbf { public string Foo { get; set; } public int Bar { get; set; } + public Payload Nested { get; set; } public long nbf { get; set; } } public class PayloadExp { public string Foo { get; set; } public int Bar { get; set; } + public Payload Nested { get; set; } public long exp { get; set; } } [Fact] @@ -97,7 +99,8 @@ public void VerifyExp() var decoder = new JwtDecoder(new LitJWT.Algorithms.HS256Algorithm(key)); { - var payload = new PayloadExp { Bar = 1, Foo = "foo", exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.Encode(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); 
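Review bot: The new `Nested` property only reproduces the early-exit case if it is serialized ahead of `exp`/`nbf`, which presumably follows from its declaration position in `PayloadNbf` and `PayloadExp`; nothing in the classes says so. A comment on the property, e.g. `// Declared before exp/nbf on purpose: the nested object must precede the time claim in the JSON.`, would stop a later reorder from quietly turning these regression tests into cases that pass with or without the decoder fix.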
@@ -105,12 +108,31 @@ public void VerifyExp() } { - var payload = new PayloadExp { Bar = 1, Foo = "foo", exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.Encode(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); decodeResult.Should().Be(DecodeResult.Success); } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.Encode(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadExp decodedPayload); + decodeResult.Should().Be(DecodeResult.FailedVerifyExpire); + } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.Encode(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadExp decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); + } } [Fact] 
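Review bot: The added cases in `VerifyExp` (and the matching ones in `VerifyNbf`, `VerifyExpUtf8` and `VerifyNbfUtf8`) nest a `Payload` built with only `Foo` and `Bar`, so they cover the scan stopping early but not the other half of the depth check: a nested `exp` or `nbf` being ignored. I would add a case where the nested object carries its own already-expired `exp` while the root `exp` is in the future and assert `decodeResult.Should().Be(DecodeResult.Success);`, plus the mirror case for `nbf`. The new blocks also never look at `decodedPayload`; asserting `decodedPayload.Nested.Foo.Should().Be("foo2");` would confirm the nested object survives the round trip.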
@@ -121,7 +143,8 @@ public void VerifyNbf() var decoder = new JwtDecoder(new LitJWT.Algorithms.HS256Algorithm(key)); { - var payload = new PayloadNbf { Bar = 1, Foo = "foo", nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.Encode(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); @@ -130,7 +153,8 @@ public void VerifyNbf() decodeResult.Should().Be(DecodeResult.FailedVerifyNotBefore); } { - var payload = new PayloadNbf { Bar = 1, Foo = "foo", nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.Encode(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); 
@@ -138,6 +162,24 @@ public void VerifyNbf() decodeResult.Should().Be(DecodeResult.Success); } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.Encode(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadNbf decodedPayload); + decodeResult.Should().Be(DecodeResult.FailedVerifyNotBefore); + } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.Encode(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadNbf decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); + } } @@ -210,7 +252,8 @@ public void VerifyExpUtf8() var decoder = new JwtDecoder(new LitJWT.Algorithms.HS256Algorithm(key)); { - var payload = new PayloadExp { Bar = 1, Foo = "foo", exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.EncodeAsUtf8Bytes(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); 
@@ -218,12 +261,31 @@ public void VerifyExpUtf8() } { - var payload = new PayloadExp { Bar = 1, Foo = "foo", exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.EncodeAsUtf8Bytes(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); decodeResult.Should().Be(DecodeResult.Success); } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.EncodeAsUtf8Bytes(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadExp decodedPayload); + decodeResult.Should().Be(DecodeResult.FailedVerifyExpire); + } + + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadExp { Bar = 1, Foo = "foo", Nested = nested, exp = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.EncodeAsUtf8Bytes(payload, null); + + var decodeResult = decoder.TryDecode(jwt, out PayloadExp decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); + } } [Fact] 
@@ -234,7 +296,8 @@ public void VerifyNbfUtf8() var decoder = new JwtDecoder(new LitJWT.Algorithms.HS256Algorithm(key)); { - var payload = new PayloadNbf { Bar = 1, Foo = "foo", nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.EncodeAsUtf8Bytes(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); 
@@ -243,12 +306,33 @@ public void VerifyNbfUtf8() decodeResult.Should().Be(DecodeResult.FailedVerifyNotBefore); } { - var payload = new PayloadNbf { Bar = 1, Foo = "foo", nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; var result = encoder.EncodeAsUtf8Bytes(payload, null, (x, writer) => writer.Write(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(x)))); var decodeResult = decoder.TryDecode(result, x => JsonConvert.DeserializeObject(Encoding.UTF8.GetString(x)), out var decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); + } + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow + TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.EncodeAsUtf8Bytes(payload, null); + + + var decodeResult = decoder.TryDecode(jwt, out PayloadNbf decodedPayload); + + decodeResult.Should().Be(DecodeResult.FailedVerifyNotBefore); + } + { + var nested = new Payload { Bar = 2, Foo = "foo2" }; + var payload = new PayloadNbf { Bar = 1, Foo = "foo", Nested = nested, nbf = (DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10)).ToUnixTimeSeconds() }; + var jwt = encoder.EncodeAsUtf8Bytes(payload, null); + + + var decodeResult = decoder.TryDecode(jwt, out PayloadNbf decodedPayload); + decodeResult.Should().Be(DecodeResult.Success); } }