feat: don't cast the JSON payload unless validation is required

allows for a wider variety of payloads
crystal-community · Dec 17, 2019 · 1d5699c · 1d5699c
1 parent ec10b5b
commit 1d5699c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/shard.yml b/shard.yml
@@ -1,5 +1,5 @@
 name: jwt
-version: 1.3.1
+version: 1.4.0
 
 authors:
   - Potapov Sergey <[email protected]>

diff --git a/src/jwt.cr b/src/jwt.cr
@@ -69,14 +69,15 @@ module JWT
     header = JSON.parse(header_json).as_h
 
     payload_json = Base64.decode_string(encoded_payload)
-    payload = JSON.parse(payload_json).as_h
+    payload = JSON.parse(payload_json)
 
     if validate
-      validate_exp!(payload["exp"]) if payload["exp"]?
-      validate_nbf!(payload["nbf"]) if payload["nbf"]?
-      validate_aud!(payload, opts[:aud]?) if opts[:aud]?
-      validate_iss!(payload, opts[:iss]?) if opts[:iss]?
-      validate_sub!(payload, opts[:sub]?) if opts[:sub]?
+      check = payload.as_h
+      validate_exp!(check["exp"]) if check["exp"]?
+      validate_nbf!(check["nbf"]) if check["nbf"]?
+      validate_aud!(check, opts[:aud]?) if opts[:aud]?
+      validate_iss!(check, opts[:iss]?) if opts[:iss]?
+      validate_sub!(check, opts[:sub]?) if opts[:sub]?
     end
 
     {payload, header}