emarref/jwt

Uncaught exception in jwt->verify()

Closed this issue · 2 comments

When there is a mismatch in Verification\EncryptionVerifier (like "alg":none while we use new Emarref\Jwt\Algorithm\Hs256( secretkey)), it throws a RuntimeException that is not caught in jwt->verify().

I suggest catching it and propagating it to the caller. Or it could return false for caller convenience.

```php
public function verify(Token $token, Verification\Context $context)
{
    try { // added
        foreach ($this->getVerifiers($context) as $verifier) {
            $verifier->verify($token);
        }
    } catch (\Exception $e) { // this block is added
        throw new \RuntimeException($e->getMessage());
        // return false; // in case this function should return a bool
    }
    return true;
}
```
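A caller-side view of the behaviour reported above, as an added example that is not part of the original issue or of emarref/jwt: a fail-closed wrapper that rejects a token whichever exception type a verifier throws. The classes `VerificationFailed`, `AlgorithmVerifier`, `ExpiryVerifier` and the function `passesVerifiers` are hypothetical stand-ins (PHP 8 syntax); they check only the `alg` header and `exp` claim, and signature checking is left out.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for a verifier chain; these are not emarref/jwt's classes.
class VerificationFailed extends \Exception {}

interface Verifier { public function verify(array $header, array $claims): void; }

// Mirrors the report: an algorithm mismatch surfaces as a plain \RuntimeException.
final class AlgorithmVerifier implements Verifier {
    public function __construct(private string $expectedAlg) {}
    public function verify(array $header, array $claims): void {
        $alg = (string) ($header['alg'] ?? 'missing');
        if ($alg !== $this->expectedAlg) {
            throw new \RuntimeException("Algorithm \"$alg\" does not match {$this->expectedAlg}");
        }
    }
}

// An ordinary claim check that throws the verification-specific exception type.
final class ExpiryVerifier implements Verifier {
    public function __construct(private int $now) {}
    public function verify(array $header, array $claims): void {
        if (($claims['exp'] ?? 0) <= $this->now) {
            throw new VerificationFailed('Token has expired');
        }
    }
}

// Fail closed: any exception from any verifier means the token is rejected.
function passesVerifiers(array $header, array $claims, array $verifiers, ?string &$reason = null): bool {
    try {
        foreach ($verifiers as $verifier) {
            $verifier->verify($header, $claims);
        }
        return true;
    } catch (\Throwable $e) {
        $reason = get_class($e) . ': ' . $e->getMessage(); // keep the type for logging
        return false;
    }
}

// Constructed sample tokens, already decoded into header and claims.
$verifiers = [new AlgorithmVerifier('HS256'), new ExpiryVerifier(1700000000)];
$samples = [
    'alg none' => [['alg' => 'none'],  ['exp' => 1800000000]],
    'expired'  => [['alg' => 'HS256'], ['exp' => 1600000000]],
    'valid'    => [['alg' => 'HS256'], ['exp' => 1800000000]],
];
foreach ($samples as $name => [$header, $claims]) {
    $reason = null;
    $ok = passesVerifiers($header, $claims, $verifiers, $reason);
    printf("%-9s %s%s\n", $name, $ok ? 'passed' : 'rejected', $ok ? '' : " ($reason)");
}
```

A caller that caught only `VerificationFailed` would handle the expired token but let the `alg` mismatch escape as an unhandled `\RuntimeException`.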

Great, thanks for this. I'll take a look in the next few days and report back.

What would be the benefit in catching one exception to throw another?