示例#1
        /// <summary>
        /// Decodes <paramref name="token"/> with signature verification requested and
        /// returns the nested dictionary stored under the top-level "payload" key.
        /// </summary>
        /// <param name="token">Serialized JWT to decode.</param>
        /// <returns>
        /// The value stored under "payload". When the key is absent, the result is whatever
        /// TryGetValue left in its out argument (conventionally null), so callers must
        /// treat a null result as "no usable claims" rather than dereferencing it.
        /// </returns>
        public IDictionary <string, string> Decode(string token)
        {
            // MustVerifySignature() is applied before Decode so that claims are only
            // read from a token whose signature was checked.
            // NOTE(review): nothing here catches exceptions, so whatever the builder
            // throws for a rejected token propagates to the caller.
            var claims = _builder
                .MustVerifySignature()
                .Decode<IDictionary<string, IDictionary<string, string>>>(token);

            // The boolean result of TryGetValue is intentionally unused; a missing
            // "payload" entry is reported to the caller only through the returned value.
            IDictionary<string, string> inner;
            claims.TryGetValue("payload", out inner);

            return inner;
        }
示例#2
        /// <summary>
        /// Decodes <paramref name="token"/> with signature verification requested and maps
        /// the "Id", "Email" and "Role" claims onto a new <c>User</c>.
        /// </summary>
        /// <param name="token">Serialized JWT presented by the caller.</param>
        /// <returns>
        /// The populated user, or null when decoding raised TokenExpiredException or
        /// SignatureVerificationException. Callers must treat null as "not authenticated".
        /// </returns>
        public User Verify(string token)
        {
            try
            {
                // Verification is requested before Decode, so the claims below are only
                // read from a token that passed the signature check.
                var claims = Builder.MustVerifySignature().Decode<IDictionary<string, object>>(token);

                // NOTE(review): a missing claim, or a claim whose runtime type is not the
                // one unboxed here, raises from the indexer or the cast and is not caught
                // by the handlers below, so it reaches the caller instead of yielding null.
                return new User
                {
                    // NOTE(review): long -> int narrowing; unless the project compiles with
                    // overflow checking, an out-of-range Id would wrap silently. Confirm.
                    Id = (int)(long)claims["Id"],
                    Email = (string)claims["Email"],
                    // NOTE(review): any integer converts to UserRole, including values with
                    // no named member; consider an Enum.IsDefined check if UserRole is not
                    // a flags enum.
                    Role = (UserRole)(long)claims["Role"],
                };
            }
            catch (TokenExpiredException)
            {
                // Expired token: reported as "no user".
                return null;
            }
            catch (SignatureVerificationException)
            {
                // Signature did not verify: reported as "no user".
                // NOTE(review): only these two exception types are handled; confirm how
                // callers deal with anything else Decode may throw for malformed input.
                return null;
            }
        }
示例#3
        // Fixture-style method for a static-analysis rule about JWT signature verification.
        // The trailing markers on some lines are the expected findings and appear to be
        // position-sensitive, so they are kept exactly as written. `secret` and
        // `invalidToken` are declared outside this method.
        // Reading the cases together: a Decode call is expected to be reported when the
        // builder chain never requests verification, or when the last verification-related
        // call in the chain turns it off; supplying a secret alone is not treated as enough.
        void DecodingWithBuilder()
        {
            // Secret supplied, verification never requested: expected finding.
            var decoded1 = new JwtBuilder() // Noncompliant {{Use only strong cipher algorithms when verifying the signature of this JWT.}}
                           .WithSecret(secret)
                           .Decode(invalidToken);

            // Same chain with MustVerifySignature() before Decode: no finding expected.
            var decoded2 = new JwtBuilder()
                           .WithSecret(secret)
                           .MustVerifySignature()
                           .Decode(invalidToken);

            // Builder stored in a local first; the state must be tracked through the variable.
            var builder1 = new JwtBuilder().WithSecret(secret);

            builder1.Decode(invalidToken); // Noncompliant

            // The empty try/finally and the constant condition only add nesting around a use
            // of builder1, which was declared outside the nested block.
            try
            {
                if (true)
                {
                    builder1.Decode(invalidToken); // Noncompliant, tracking outside nested block
                }
            }
            finally
            {
            }

            // Verification requested on the stored builder and the result kept in a new
            // local: no finding expected on the Decode that follows.
            var builder2 = builder1.MustVerifySignature();

            builder2.Decode(invalidToken);

            // Verification requested inside the initializer expression: no finding expected.
            var builder3 = new JwtBuilder().WithSecret(secret).MustVerifySignature();

            builder3.Decode(invalidToken);

            // Redundant parentheses around the initializer do not change the outcome:
            // verification is still never requested.
            var builder4 = (((new JwtBuilder()).WithSecret(secret)));

            builder4.Decode(invalidToken); // Noncompliant

            // Verification explicitly switched off.
            var builder5 = new JwtBuilder().WithSecret(secret).DoNotVerifySignature();

            builder5.Decode(invalidToken);   // Noncompliant

            // Mixed calls, last one is DoNotVerifySignature(): expected finding.
            var decoded11 = new JwtBuilder() // Noncompliant
                            .WithSecret(secret)
                            .WithVerifySignature(true)
                            .MustVerifySignature()
                            .DoNotVerifySignature()
                            .Decode(invalidToken);

            // Mixed calls, last one is MustVerifySignature(): no finding expected.
            var Decoded12 = new JwtBuilder()
                            .WithSecret(secret)
                            .WithVerifySignature(false)
                            .DoNotVerifySignature()
                            .MustVerifySignature()
                            .Decode(invalidToken);

            // Mixed calls, last one is WithVerifySignature(true): no finding expected.
            var Decoded21 = new JwtBuilder()
                            .WithSecret(secret)
                            .DoNotVerifySignature()
                            .WithVerifySignature(false)
                            .WithVerifySignature(true)
                            .Decode(invalidToken);

            // Mixed calls, last one is WithVerifySignature(false): expected finding even
            // though MustVerifySignature() appears earlier in the chain.
            var Decoded31 = new JwtBuilder()  // Noncompliant
                            .WithSecret(secret)
                            .MustVerifySignature()
                            .WithVerifySignature(true)
                            .WithVerifySignature(false)
                            .Decode(invalidToken);
        }