From 7edd6fa47dc83f6af8f89e26de4bb740a2c1cd27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Meusel?=
Date: Thu, 7 Dec 2017 18:08:43 +0100
Subject: [PATCH 1/2] FIX: reading base64 JWT conforming to RFC-4648
---
 src/qjsonwebtoken.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/qjsonwebtoken.cpp b/src/qjsonwebtoken.cpp
index 7dd0bcc..0986054 100644
--- a/src/qjsonwebtoken.cpp
+++ b/src/qjsonwebtoken.cpp
@@ -201,6 +201,14 @@ QString QJsonWebToken::getToken()
 return m_byteAllData + "." + byteSignatureBase64;
 }
 
+static QByteArray readBase64(QString strToken) {
+ // decode based on RFC-4648 URI safe encoding
+ strToken.replace('-', '+');
+ strToken.replace('_', '/');
+
+ return QByteArray::fromBase64(strToken.toUtf8());
+}
+
 bool QJsonWebToken::setToken(QString strToken)
 {
 // assume base64 encoded at first, if not try decoding
@@ -214,8 +222,8 @@ bool QJsonWebToken::setToken(QString strToken)
 // check all parts are valid using another instance,
 // so we dont overwrite this instance in case of error
 QJsonWebToken tempTokenObj;
- if ( !tempTokenObj.setHeaderQStr(QByteArray::fromBase64(listJwtParts.at(0).toUtf8())) ||
- !tempTokenObj.setPayloadQStr(QByteArray::fromBase64(listJwtParts.at(1).toUtf8())) )
+ if ( !tempTokenObj.setHeaderQStr(readBase64(listJwtParts.at(0))) ||
+ !tempTokenObj.setPayloadQStr(readBase64(listJwtParts.at(1))) )
 {
 // try unencoded
 if (!tempTokenObj.setHeaderQStr(listJwtParts.at(0)) ||
@@ -233,8 +241,8 @@ bool QJsonWebToken::setToken(QString strToken)
 setPayloadQStr(tempTokenObj.getPayloadQStr());
 if (isBase64Encoded)
 { // unencode
- m_byteSignature = QByteArray::fromBase64(listJwtParts.at(2).toUtf8());
- }
+ m_byteSignature = readBase64(listJwtParts.at(2));
+ }
 else
 {
 m_byteSignature = listJwtParts.at(2).toUtf8();
From a7741a42ff38a44bb2b56073bde82703b46cc0c5 Mon Sep 17 00:00:00 2001
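Review bot: readBase64 accepts more than the RFC 4648 URL-safe alphabet its comment names: after the two `replace` calls a segment may mix `-`/`_` with `+`/`/`, and `QByteArray::fromBase64` skips characters outside the alphabet instead of failing, so several different strings decode to the same bytes. That matters wherever the raw token text is treated as an identity (caches, revocation lists), because textually different tokens then carry the same header, payload and signature. If only base64url should be read, `return QByteArray::fromBase64(strToken.toUtf8(), QByteArray::Base64UrlEncoding);` (Qt 5.2 or later) can replace the two `replace` lines. If the standard alphabet has to stay readable, state that in the comment, for example `// accepts both the standard and the URL-safe alphabet; input is not validated`. The two later hunks in setToken route the header, payload and signature through this helper, so the same applies there.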
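Review bot: Nothing in the third hunk (`m_byteSignature = readBase64(listJwtParts.at(2));`) keeps the header and payload segments as they were received, so validation presumably runs over whatever `setHeaderQStr`/`setPayloadQStr` re-encode into `m_byteAllData`; their bodies are outside the diff. A JWS signature covers the exact `header.payload` text as transmitted, so if that re-encoding uses the standard alphabet or adds padding, a correctly signed base64url token would decode here and still fail validation. A test that passes setToken a token whose segments contain `-` or `_` and then checks validity would settle it. If it fails, keep `listJwtParts.at(0) + "." + listJwtParts.at(1)` as the signing input when `isBase64Encoded` is true. setToken starts and ends outside the hunk.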
From: =?UTF-8?q?Ren=C3=A9=20Meusel?=
Date: Thu, 7 Dec 2017 18:09:41 +0100
Subject: [PATCH 2/2] FIX: white-space knit pick
---
 src/qjsonwebtoken.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qjsonwebtoken.cpp b/src/qjsonwebtoken.cpp
index 0986054..82c4cac 100644
--- a/src/qjsonwebtoken.cpp
+++ b/src/qjsonwebtoken.cpp
@@ -223,7 +223,7 @@ bool QJsonWebToken::setToken(QString strToken)
 // so we dont overwrite this instance in case of error
 QJsonWebToken tempTokenObj;
 if ( !tempTokenObj.setHeaderQStr(readBase64(listJwtParts.at(0))) ||
- !tempTokenObj.setPayloadQStr(readBase64(listJwtParts.at(1))) )
+ !tempTokenObj.setPayloadQStr(readBase64(listJwtParts.at(1))) )
 {
 // try unencoded
 if (!tempTokenObj.setHeaderQStr(listJwtParts.at(0)) ||