isJWT function returning true for invalid JWT tokens with 2 parts #2216

@Prathamesh061

The function isJWT returns true for an invalid JWT token that has only 2 parts.

This is because the len variable is checked to be less than 2, but it should be less than 3 since a valid JWT token has 3 parts separated by dots.

So, to fix the bug, the if condition should be changed from:

if (len > 3 || len < 2) {

to:

if (len !== 3) {

This will ensure that the function only returns true for valid JWT tokens with exactly 3 parts, and false for everything else.

How to reproduce the issue

invalid token = eyJpZCI6IjY0MzgyNzgzZTQ5M2JhMjMzNmY3NTRiNSIsInVzZXJJZCI6InByYXRoYW0wNiIsInJvbGUiOiJVU0VSIiwiaWF0IjoxNjgxNDAxOTQ1LCJleHAiOjE2ODE0ODgzNDV9.R7Bd8zo48onJiB8gQiZlTbwIwfP9lLzMzAAPCSx_TDg
Validate this invalid token; it will return true.
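The two length checks quoted in the issue, side by side, as an added example that is not part of the original report or the library's source. The function names, the `B64URL` segment check and the prepended header are assumptions made for illustration; the two-part token is the one from the report.

```javascript
// Added example: simplified stand-ins, not the library's implementation.
// Assumption: each segment only needs to match the base64url alphabet.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Length check as quoted in the issue: 2 or 3 segments pass.
function isJwtLenient(str) {
  const parts = str.split('.');
  if (parts.length > 3 || parts.length < 2) return false;
  return parts.every((p) => B64URL.test(p));
}

// Length check proposed in the issue: exactly 3 segments.
function isJwtStrict(str) {
  const parts = str.split('.');
  if (parts.length !== 3) return false;
  return parts.every((p) => B64URL.test(p));
}

// Decode the first segment to see which JSON keys it carries.
// A JWT header is expected to contain "alg"; returns null if not JSON.
function firstSegmentKeys(str) {
  const raw = Buffer.from(str.split('.')[0], 'base64').toString('utf8');
  try {
    return Object.keys(JSON.parse(raw));
  } catch (e) {
    return null;
  }
}

// Two-part token copied from the report (no header segment).
const TWO_PART =
  'eyJpZCI6IjY0MzgyNzgzZTQ5M2JhMjMzNmY3NTRiNSIsInVzZXJJZCI6InByYXRoYW0wNiIsInJvbGUiOiJVU0VSIiwiaWF0IjoxNjgxNDAxOTQ1LCJleHAiOjE2ODE0ODgzNDV9' +
  '.R7Bd8zo48onJiB8gQiZlTbwIwfP9lLzMzAAPCSx_TDg';

// Constructed for this example: base64url of {"alg":"HS256","typ":"JWT"}.
const HEADER = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9';
const THREE_PART = `${HEADER}.${TWO_PART}`;

for (const [label, token] of [['two-part', TWO_PART], ['three-part', THREE_PART]]) {
  console.log(label, {
    lenient: isJwtLenient(token),
    strict: isJwtStrict(token),
    firstSegmentKeys: firstSegmentKeys(token),
  });
}
```

Both functions check shape only; neither verifies the signature.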
