Merge pull request #123 from ccutrer/no-modify-argument

Don't try to modify the passed in hash
nov · Oct 15, 2024 · 6407f1d · 6407f1d
2 parents 22fce18 + 394de1b
commit 6407f1d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/lib/json/jwt.rb b/lib/json/jwt.rb
@@ -26,12 +26,12 @@ def initialize(claims = {})
       @content_type = 'application/jwt'
       self.typ = :JWT
       self.alg = :none
+      update claims
       unless claims.nil?
         [:exp, :nbf, :iat].each do |key|
-          claims[key] = claims[key].to_i if claims[key]
+          self[key] = self[key].to_i if self[key]
         end
       end
-      update claims
     end
 
     def sign(private_key_or_secret, algorithm = :autodetect)
@@ -142,4 +142,4 @@ def pretty_generate(jwt_string)
 require 'json/jwk'
 require 'json/jwk/jwkizable'
 require 'json/jwk/set'
-require 'json/jwk/set/fetcher'
+require 'json/jwk/set/fetcher'
diff --git a/spec/json/jwt_spec.rb b/spec/json/jwt_spec.rb
@@ -23,6 +23,15 @@
     JSON::JWT::VERSION.should_not be_blank
   end
 
+  describe '#initialize' do
+    it "doesn't try to modify a frozen hash" do
+      claims = { iss: 'joe', exp: '1300819380' }.freeze
+      jwt = JSON::JWT.new(claims)
+      expect(jwt[:exp]).to eql 1300819380
+      expect(claims[:exp]).to eql '1300819380'
+    end
+  end
+
   context 'when not signed nor encrypted' do
     it do
       jwt.to_s.should == no_signed