No explicit handling for the none algorithm

jwt · Jul 25, 2023 · ffa9b4a · ffa9b4a
1 parent 756dfc0
commit ffa9b4a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/lib/jwt/decode_context.rb b/lib/jwt/decode_context.rb
@@ -20,11 +20,13 @@ def payload
     end
 
     def valid_signature?
+      return valid_signature_for?(nil) if verification_keys.empty?
+
       verification_keys.any? { |key| valid_signature_for?(key) }
     end
 
     def verification_keys
-      @verification_keys ||= Array(resolve_verification_keys).compact
+      @verification_keys ||= Array(resolve_verification_keys)
     end
 
     def algorithm_match?

diff --git a/lib/jwt/default_decoder.rb b/lib/jwt/default_decoder.rb
@@ -68,8 +68,6 @@ def decode_segments
     private
 
     def verify_signature
-      return if none_algorithm?
-
       return if decode_context.valid_signature?
 
       raise JWT::VerificationError, 'Signature verification failed'
@@ -113,7 +111,7 @@ def validate_segment_count!
     end
 
     def none_algorithm?
-      decode_context.token.alg_in_header == 'none'
+      alg_in_header == 'none'
     end
 
     def alg_in_header