From 5ff0ed07009d0922807b8c05e2211fddc849ae97 Mon Sep 17 00:00:00 2001 From: Dominic St-Jacques Date: Tue, 13 Sep 2016 12:03:27 -0400 Subject: [PATCH] Adding distinct TokenExpiredException (#33) --- JWT.Tests/DecodeTests.cs | 4 ++-- JWT/JWT.cs | 12 +++++++++--- JWT/JWT.csproj | 1 + JWT/TokenExpiredException.cs | 12 ++++++++++++ 4 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 JWT/TokenExpiredException.cs diff --git a/JWT.Tests/DecodeTests.cs b/JWT.Tests/DecodeTests.cs index f0d7ed1eb..90572b0bd 100644 --- a/JWT.Tests/DecodeTests.cs +++ b/JWT.Tests/DecodeTests.cs @@ -113,8 +113,8 @@ public void Should_Throw_On_Invalid_Expiration_Claim() } [TestMethod] - [ExpectedException(typeof(SignatureVerificationException))] - public void Should_Throw_On_Expired_Token() + [ExpectedException(typeof(TokenExpiredException))] + public void Should_Throw_On_Expired_Claim() { var anHourAgoUtc = DateTime.UtcNow.Subtract(new TimeSpan(1, 0, 0)); Int32 unixTimestamp = (Int32)(anHourAgoUtc.Subtract(new DateTime(1970, 1, 1))).TotalSeconds; diff --git a/JWT/JWT.cs b/JWT/JWT.cs index 6f762b406..32a31896f 100755 --- a/JWT/JWT.cs +++ b/JWT/JWT.cs @@ -114,6 +114,7 @@ public static string Encode(object payload, string key, JwtHashAlgorithm algorit /// Whether to verify the signature (default is true). /// A string containing the JSON payload. /// Thrown if the verify parameter was true and the signature was NOT valid or if the JWT was signed with an unsupported algorithm. + /// Thrown if the verify parameter was true and the token has an expired exp claim. public static string Decode(string token, byte[] key, bool verify = true) { var parts = token.Split('.'); @@ -162,7 +163,7 @@ private static void Verify(string decodedCrypto, string decodedSignature, string { exp = Convert.ToInt32(payloadData["exp"]); } - catch (Exception) + catch (FormatException) { throw new SignatureVerificationException("Claim 'exp' must be an integer."); } @@ -170,7 +171,7 @@ private static void Verify(string decodedCrypto, string decodedSignature, string var secondsSinceEpoch = Math.Round((DateTime.UtcNow - UnixEpoch).TotalSeconds); if (secondsSinceEpoch >= exp) { - throw new SignatureVerificationException("Token has expired."); + throw new TokenExpiredException("Token has expired."); } } } @@ -183,6 +184,7 @@ private static void Verify(string decodedCrypto, string decodedSignature, string /// Whether to verify the signature (default is true). /// A string containing the JSON payload. /// Thrown if the verify parameter was true and the signature was NOT valid or if the JWT was signed with an unsupported algorithm. + /// Thrown if the verify parameter was true and the token has an expired exp claim. public static string Decode(string token, string key, bool verify = true) { return Decode(token, Encoding.UTF8.GetBytes(key), verify); @@ -196,6 +198,7 @@ public static string Decode(string token, string key, bool verify = true) /// Whether to verify the signature (default is true). /// An object representing the payload. /// Thrown if the verify parameter was true and the signature was NOT valid or if the JWT was signed with an unsupported algorithm. + /// Thrown if the verify parameter was true and the token has an expired exp claim. public static object DecodeToObject(string token, byte[] key, bool verify = true) { var payloadJson = Decode(token, key, verify); @@ -211,6 +214,7 @@ public static object DecodeToObject(string token, byte[] key, bool verify = true /// Whether to verify the signature (default is true). /// An object representing the payload. /// Thrown if the verify parameter was true and the signature was NOT valid or if the JWT was signed with an unsupported algorithm. + /// Thrown if the verify parameter was true and the token has an expired exp claim. public static object DecodeToObject(string token, string key, bool verify = true) { return DecodeToObject(token, Encoding.UTF8.GetBytes(key), verify); @@ -225,6 +229,7 @@ public static object DecodeToObject(string token, string key, bool verify = true /// Whether to verify the signature (default is true). /// An object representing the payload. /// Thrown if the verify parameter was true and the signature was NOT valid or if the JWT was signed with an unsupported algorithm. + /// Thrown if the verify parameter was true and the token has an expired exp claim. public static T DecodeToObject(string token, byte[] key, bool verify = true) { var payloadJson = Decode(token, key, verify); @@ -241,6 +246,7 @@ public static T DecodeToObject(string token, byte[] key, bool verify = true) /// Whether to verify the signature (default is true). /// An object representing the payload. /// Thrown if the verify parameter was true and the signature was NOT valid or if the JWT was signed with an unsupported algorithm. + /// Thrown if the verify parameter was true and the token has an expired exp claim. public static T DecodeToObject(string token, string key, bool verify = true) { return DecodeToObject(token, Encoding.UTF8.GetBytes(key), verify); @@ -278,7 +284,7 @@ public static byte[] Base64UrlDecode(string input) case 0: break; // No pad chars in this case case 2: output += "=="; break; // Two pad chars case 3: output += "="; break; // One pad char - default: throw new Exception("Illegal base64url string!"); + default: throw new FormatException("Illegal base64url string!"); } var converted = Convert.FromBase64String(output); // Standard base64 decoder return converted; diff --git a/JWT/JWT.csproj b/JWT/JWT.csproj index ecdb738fb..45e7ff450 100644 --- a/JWT/JWT.csproj +++ b/JWT/JWT.csproj @@ -43,6 +43,7 @@ +