commit 1c891bcc90346aa84f8b16bc6fe00fa6c104a4cb
author Remi Tricot-Le Breton <rlebreton@haproxy.com> Mon Oct 18 15:14:49 2021 +0200
committer William Lallemand <wlallemand@haproxy.org> Mon Oct 18 16:02:29 2021 +0200
tree 33c5f1ac6d8f98322bae637d8e2b0479d899bf6b
parent 0b24d2fa4543dbbdf6f32c35e3313906065e84b3

MINOR: jwt: jwt_verify returns negative values in case of error

In order for all the error return values to be distributed on the same
side (instead of surrounding the success error code), the return values
for errors other than a simple verification failure are switched to
negative values. This way the result of the jwt_verify converter can be
compared strictly to 1 as well relative to 0 (any <= 0 return value is
an error).
The documentation was also modified to discourage conversion of the
return value into a boolean (which would definitely not work).

reg-tests/jwt/jws_verify.vtc

diff --git a/reg-tests/jwt/jws_verify.vtc b/reg-tests/jwt/jws_verify.vtc
index 47d5303..129e1b3 100644
--- a/reg-tests/jwt/jws_verify.vtc
+++ b/reg-tests/jwt/jws_verify.vtc
@@ -152,7 +152,7 @@
     rxresp
     expect resp.status == 200
     expect resp.http.x-jwt-alg == "HS512"
-    expect resp.http.x-jwt-verify-HS512 == "4"
+    expect resp.http.x-jwt-verify-HS512 == "-3"
 } -run
 
 
@@ -269,7 +269,7 @@
     expect resp.status == 200
     expect resp.http.x-jwt-alg == "PS512"
     # Unmanaged algorithm
-    expect resp.http.x-jwt-verify == "3"
+    expect resp.http.x-jwt-verify == "-2"
 } -run
 
 # Unknown algorithm
@@ -281,7 +281,7 @@
     expect resp.status == 200
     expect resp.http.x-jwt-alg == "UNKNOWN_ALG"
     # Unmanaged algorithm
-    expect resp.http.x-jwt-verify == "2"
+    expect resp.http.x-jwt-verify == "-1"
 } -run
 
 # Invalid token (not enough fields)
@@ -293,7 +293,7 @@
     expect resp.status == 200
     expect resp.http.x-jwt-alg == "ES512"
     # Unmanaged algorithm
-    expect resp.http.x-jwt-verify == "4"
+    expect resp.http.x-jwt-verify == "-3"
 } -run
 
 # Invalid token (too many fields)
@@ -305,7 +305,7 @@
     expect resp.status == 200
     expect resp.http.x-jwt-alg == "ES512"
     # Unmanaged algorithm
-    expect resp.http.x-jwt-verify == "4"
+    expect resp.http.x-jwt-verify == "-3"
 } -run
 
 # Invalid token (empty signature)
@@ -317,7 +317,7 @@
     expect resp.status == 200
     expect resp.http.x-jwt-alg == "ES512"
     # Unmanaged algorithm
-    expect resp.http.x-jwt-verify == "4"
+    expect resp.http.x-jwt-verify == "-3"
 } -run
 
 # Unknown certificate
@@ -332,5 +332,5 @@
     expect resp.status == 200
     expect resp.http.x-jwt-alg == "ES512"
     # Unmanaged algorithm
-    expect resp.http.x-jwt-verify == "6"
+    expect resp.http.x-jwt-verify == "-5"
 } -run