* verify should pass verify=true into the jwt library for proper verification

lmajano · lmajano · commit 9751ebdf1313 · 2020-02-26T20:47:53.000-06:00
diff --git a/box.json b/box.json
@@ -1,6 +1,6 @@
 {
     "name":"ColdBox Security",
-    "version":"2.3.0",
+    "version":"2.2.1",
     "location":"https://downloads.ortussolutions.com/ortussolutions/coldbox-modules/cbsecurity/@build.version@/cbsecurity-@build.version@.zip",
     "author":"Ortus Solutions.com <info@ortussolutions.com",
     "slug":"cbsecurity",
diff --git a/changelog.md b/changelog.md
@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 2.2.1
+
+* `bug` : `verify` should pass `verify=true` into the jwt library for proper verification
+
 ## 2.2.0
 
 * `Feature` : Migrated from the jwt to the `jwtcfml` (https://forgebox.io/view/jwt-cfml) library to expand encoding/decoding capabilities to support `RS` and `ES` algorithms:
diff --git a/models/jwt/JwtService.cfc b/models/jwt/JwtService.cfc
@@ -544,12 +544,7 @@ component accessors="true" singleton {
 	 */
 	boolean function verify( required token ){
 		try {
-			variables.jwt.decode(
-				token      = arguments.token,
-				key        = variables.settings.jwt.secretKey,
-				algorithms = variables.settings.jwt.algorithm,
-				verify     = false
-			);
+			this.decode( arguments.token );
 			return true;
 		} catch ( Any e ) {
 			return false;

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name":"ColdBox Security",`
`3`		`- "version":"2.3.0",`
	`3`	`+ "version":"2.2.1",`
`4`	`4`	`"location":"https://downloads.ortussolutions.com/ortussolutions/coldbox-modules/cbsecurity/@build.version@/[email protected]@.zip",`
`5`	`5`	`"author":"Ortus Solutions.com <[email protected]",`
`6`	`6`	`"slug":"cbsecurity",`