Merge pull request #17 from threedaymonk/truthiness

Verify if verify is truthy (not just true)
jwt · Mar 13, 2013 · f7e7337 · f7e7337
2 parents 76fb4f2 + ffa5dd3
commit f7e7337
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/lib/jwt.rb b/lib/jwt.rb
@@ -70,7 +70,7 @@ def self.decode(jwt, key=nil, verify=true, &keyfinder)
     rescue MultiJson::LoadError => e
       raise JWT::DecodeError.new("Invalid segment encoding")
     end
-    if verify == true
+    if verify
       algo = header['alg']
 
       if keyfinder

diff --git a/spec/jwt_spec.rb b/spec/jwt_spec.rb
@@ -66,6 +66,14 @@
     decoded_payload.should == @payload
   end
 
+  it "checks the key when verify is truthy" do
+    right_secret = 'foo'
+    bad_secret = 'bar'
+    jwt = JWT.encode(@payload, right_secret)
+    verify = "yes" =~ /^y/i
+    lambda { JWT.decode(jwt, bad_secret, verify) }.should raise_error(JWT::DecodeError)
+  end
+
   it "raises exception on unsupported crypto algorithm" do
     lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
   end