session.c: correct filtered claims JSON object check

Signed-off-by: Hans Zandbelt <[email protected]>

Author: zandbelt

src/handle/userinfo.c

@@ -358,11 +358,12 @@ void oidc_userinfo_pass_as(request_rec *r, oidc_cfg_t *cfg, oidc_session_t *sess
 
 #ifdef USE_LIBJQ
 	const char *s_claims = NULL;
-	const char *filter = oidc_cfg_dir_userinfo_claims_expr_get(r);
-	if (filter) {
-		s_claims = oidc_util_jq_filter(r, oidc_session_get_userinfo_claims(r, session), filter);
-		if (oidc_util_json_decode_object(r, s_claims, &filtered_claims) != TRUE) {
-			oidc_error(r, "decoding filtered userinfo claims JSON object failed");
+	const char *s_filter = oidc_cfg_dir_userinfo_claims_expr_get(r);
+	if (s_filter) {
+		s_claims = oidc_util_jq_filter(r, oidc_session_get_userinfo_claims(r, session), s_filter);
+		if (oidc_util_json_decode_object(r, s_claims, &filtered_claims) == FALSE) {
+			oidc_error(r, "JQ filtering of claims for [%s] resulted in invalid JSON object, filter='%s'",
+				   "userinfo", s_filter);
 			return;
 		}
 	}

src/session.c

@@ -615,12 +615,15 @@ static void oidc_session_set_filtered_claims(request_rec *r, oidc_session_t *z,
 #ifdef USE_LIBJQ
 	const char *filtered_claims = NULL;
 	const oidc_apr_expr_t *filter = oidc_cfg_filter_claims_expr_get(c);
+	const char *s_filter = oidc_util_apr_expr_exec(r, filter, TRUE);
 	if (filter != NULL) {
-		filtered_claims = oidc_util_jq_filter(r, dst, oidc_util_apr_expr_exec(r, filter, TRUE));
+		filtered_claims = oidc_util_jq_filter(r, dst, s_filter);
 		json_decref(dst);
 		dst = NULL;
-		if (oidc_util_json_decode_object(r, filtered_claims, &dst))
-			oidc_error(r, "jq filtering of claims for [%s] resulted in invalid JSON object", session_key);
+		if (oidc_util_json_decode_object(r, filtered_claims, &dst) == FALSE) {
+			oidc_error(r, "JQ filtering of claims for [%s] resulted in invalid JSON object, filter='%s'",
+				   session_key, s_filter);
+		}
 	}
 #endif