Extract algorithm checks to lower percieved complexity

bdewater · bdewater · commit 1a2aa1ae0c73 · 2019-11-03T23:24:57.000-05:00
diff --git a/lib/jwt/decode.rb b/lib/jwt/decode.rb
@@ -24,6 +24,7 @@ def decode_segments
       validate_segment_count!
       if @verify
         decode_crypto
+        verify_algo
         verify_signature
         verify_claims
       end
@@ -33,14 +34,16 @@ def decode_segments
 
     private
 
+    def verify_algo
+      raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
+      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
+    end
+
     def verify_signature
       @key = find_key(&@keyfinder) if @keyfinder
       @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
       @key = JWT::X5cKeyFinder.from(header['x5c'], @options.fetch(:root_certificates), @options[:crls]) if header['x5c']
 
-      raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
-      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
-
       Signature.verify(header['alg'], @key, signing_input, @signature)
     end
 
