Set the JWT algorithm to RS256 in decode specs

By default, the JWT decode only allows HS256 mode (HMAC using SHA-256 hash algorithm). The specs using RSA tokens failed per https://github.com/jwt/ruby-jwt#algorithms-and-usage: It is strongly recommended that you hard code the algorithm, as you may leave yourself vulnerable by dynamically picking the algorithm.
author: Stan Hu <stanhu@gmail.com> 2018-12-29 17:20:04 +0300
committer: Stan Hu <stanhu@gmail.com> 2018-12-29 17:20:04 +0300
commit: 34f51dee0d336487a3fac0946eb198bb5996368b (patch)
tree: 2c6748d6cd68dc9c49225fb5936969cc2876595a /spec/lib/json_web_token
parent: ae8724ff227f7cc80f10c605cecfbd5c4f63922a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/spec/lib/json_web_token/rsa_token_spec.rb b/spec/lib/json_web_token/rsa_token_spec.rb
index d6edc964844..a3c54651e80 100644
--- a/spec/lib/json_web_token/rsa_token_spec.rb
+++ b/spec/lib/json_web_token/rsa_token_spec.rb
@@ -25,7 +25,7 @@ describe JSONWebToken::RSAToken do
         rsa_token['key'] = 'value'
       end
 
-      subject { JWT.decode(rsa_encoded, rsa_key) }
+      subject { JWT.decode(rsa_encoded, rsa_key, true, { algorithm: 'RS256' }) }
 
       it { expect {subject}.not_to raise_error }
       it { expect(subject.first).to include('key' => 'value') }
@@ -39,7 +39,7 @@ describe JSONWebToken::RSAToken do
 
     context 'for invalid key to raise an exception' do
       let(:new_key) { OpenSSL::PKey::RSA.generate(512) }
-      subject { JWT.decode(rsa_encoded, new_key) }
+      subject { JWT.decode(rsa_encoded, new_key, true, { algorithm: 'RS256' }) }
 
       it { expect {subject}.to raise_error(JWT::DecodeError) }
     end
author	Stan Hu <stanhu@gmail.com>	2018-12-29 17:20:04 +0300
committer	Stan Hu <stanhu@gmail.com>	2018-12-29 17:20:04 +0300
commit	34f51dee0d336487a3fac0946eb198bb5996368b (patch)
tree	2c6748d6cd68dc9c49225fb5936969cc2876595a /spec/lib/json_web_token
parent	ae8724ff227f7cc80f10c605cecfbd5c4f63922a (diff)