nov/json-jwt

certain malformed JWTs throw nil errors

cainlevy opened this issue · 1 comment

As of fc84206, the following attempt at decoding malformed JWTs will error in unexpected ways:

irb(main):001:0> JSON::JWT.decode('a.b.c')
NoMethodError: undefined method `with_indifferent_access' for nil:NilClass
        from /Users/cainlevy/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/json-jwt-1.8.0/lib/json/jws.rb:143:in `block in decode_compact_serialized'
        from /Users/cainlevy/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/json-jwt-1.8.0/lib/json/jws.rb:142:in `collect'
        from /Users/cainlevy/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/json-jwt-1.8.0/lib/json/jws.rb:142:in `decode_compact_serialized'
        from /Users/cainlevy/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/json-jwt-1.8.0/lib/json/jwt.rb:85:in `decode_compact_serialized'
        from /Users/cainlevy/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/json-jwt-1.8.0/lib/json/jose.rb:52:in `decode'
        from (irb):1
        from bin/console:14:in `<main>'

This appears to be because MultiJson.decode(nil) will throw an exception, while JSON.decode(nil) will not.

nov commented

Thanks for reporting.
The fix is now in v1.8.1.
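
For callers that want every malformed token to surface as one rescuable error type, a structural pre-check along these lines can run before decoding. This is an added example, not json-jwt's code or the v1.8.1 fix; `MalformedToken`, `parse_compact_jws` and the other helper names are hypothetical, and it assumes three-segment compact tokens and verifies no signature.

```ruby
require 'json'

# Hypothetical error class for this example (not part of json-jwt).
class MalformedToken < StandardError; end

# base64url helpers built on pack/unpack, so only core Ruby is needed.
def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(segment)
  padded = segment + '=' * ((4 - segment.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m0') # strict mode: ArgumentError on bad input
end

# Decode one segment and insist on a JSON object; nil, arrays, scalars and
# undecodable input all become MalformedToken instead of leaking out as nil.
def decode_json_segment(segment, name)
  raise MalformedToken, "#{name} is empty" if segment.empty?
  raw = b64url_decode(segment).force_encoding(Encoding::UTF_8)
  raise MalformedToken, "#{name} is not valid UTF-8" unless raw.valid_encoding?
  obj = JSON.parse(raw)
  raise MalformedToken, "#{name} is not a JSON object" unless obj.is_a?(Hash)
  obj
rescue ArgumentError, JSON::ParserError => e
  raise MalformedToken, "#{name} is not base64url-encoded JSON (#{e.class})"
end

# Structural parse of a three-segment compact token. No signature check here.
def parse_compact_jws(token)
  raise MalformedToken, 'token must be a String' unless token.is_a?(String)
  parts = token.split('.', -1)
  raise MalformedToken, "expected 3 segments, got #{parts.size}" unless parts.size == 3
  header = decode_json_segment(parts[0], 'header')
  claims = decode_json_segment(parts[1], 'payload')
  raise MalformedToken, 'header "alg" missing' unless header['alg'].is_a?(String)
  { header: header, claims: claims, signature: parts[2] }
end

# Turn the outcome into a string so callers and logs see one failure shape.
def check_token(token)
  "ok: #{parse_compact_jws(token)[:claims]}"
rescue MalformedToken => e
  "rejected: #{e.message}"
end

# Constructed sample inputs: one well-formed token and the issue's 'a.b.c'.
good = [b64url_encode('{"alg":"HS256"}'), b64url_encode('{"sub":"alice"}'), 'c2ln'].join('.')
[good, 'a.b.c'].each { |t| puts check_token(t) }
```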