atlassian-jwt - npm Package Compare versions

Comparing version 0.1.2 to 0.1.3

lib/jwt.js

@@ -16,2 +16,3 @@ /*
 var Uri = require('jsuri');
+var url = require('url');
 
@@ -170,3 +171,10 @@
 function canonicalizeUri(req, baseUrlString) {
-    var path = req.path;
+    var path;
+    // In express 4.x req.baseUrl represents the full URL and req.path represents the URL from the last router (https://expressjs.com/en/4x/api.html#req.baseUrl)
+    if (req.baseUrl) {
+        path = url.parse(req.baseUrl).pathname;
+    } else {
+        // Since req.baseUrl doesn't exist in prior versions of express we fall back to req.path
+        path = req.path;
+    }
     var baseUrl = new Uri(baseUrlString);
@@ -173,0 +181,0 @@ var baseUrlPath = baseUrl.path();

package.json

 {
   "name": "atlassian-jwt",
   "description": "JWT (JSON Web Token) implementation with custom Atlassian QSH claim verification",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "author": "Seb Ruiz <sruiz@atlassian.com>",
@@ -6,0 +6,0 @@ "repository": {

test/jwt_test.js

@@ -26,3 +26,3 @@ var assert = require('assert');
             method: 'get',
-            path: '/path/to/service',
+            baseUrl: '/path/to/service',
             query: qs.parse('zee_last=param&repeated=parameter 1&first=param&repeated=parameter 2&repeated=Parameter 2')
@@ -41,3 +41,3 @@ };
             method: 'get',
-            path: '/base/path/to/service',
+            baseUrl: '/base/path/to/service',
             query: qs.parse('zee_last=param&repeated=parameter 1&first=param&repeated=parameter 2&repeated=Parameter 2')
@@ -56,3 +56,3 @@ };
             method: 'get',
-            path: '/hello-world',
+            baseUrl: '/hello-world',
             query: qs.parse('lic=none&tz=Australia%2FSydney&cp=%2Fjira&user_key=&loc=en-US&user_id=&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODY4OTkxMzEsImlzcyI6ImppcmE6MTU0ODk1OTUiLCJxc2giOiI4MDYzZmY0Y2ExZTQxZGY3YmM5MGM4YWI2ZDBmNjIwN2Q0OTFjZjZkYWQ3YzY2ZWE3OTdiNDYxNGI3MTkyMmU5IiwiaWF0IjoxMzg2ODk4OTUxfQ.uKqU9dTB6gKwG6jQCuXYAiMNdfNRw98Hw_IWuA5MaMo&xdm_e=http%3A%2F%2Fstorm%3A2990&xdm_c=channel-servlet-hello-world&xdm_p=1')
@@ -71,3 +71,3 @@ };
             method: 'get',
-            path: '/hello-world',
+            baseUrl: '/hello-world',
             query: qs.parse('a&b=foo&c')
@@ -82,6 +82,6 @@ };
 
-    it.only('should correctly create canonical request with context in path', function (done) {
+    it('should correctly create canonical request with context in path', function (done) {
         var req = {
             method: 'post',
-            path: '/jira/rest/api/2/project/jira&a=b&c=d',
+            baseUrl: '/jira/rest/api/2/project/jira&a=b&c=d',
             query: qs.parse('x=y'),
@@ -94,3 +94,27 @@ body: ''
     });
+    
+    // Coverage for https://bitbucket.org/atlassian/atlassian-jwt-js/issues/6
+    it('should generate a qsh for the entire path when used in middleware', function(done) {
+        var req = {
+            method: 'get',
+            path: '/project', 
+            baseUrl: '/jira/rest/api/2/project/jira',
+            query: qs.parse('x=y'),
+        };
 
+        assert.equal(jwt.createCanonicalRequest(req, false, '/jira'), 'GET&/rest/api/2/project/jira&x=y');
+        done();
+    });
+
+    it('should fall back to req.path if req.baseUrl does not exist', function(done){
+        var req = {
+            method: 'get',
+            path: '/jira/rest/api/2/project/jira',
+            query: qs.parse('x=y'),
+        };
+
+        assert.equal(jwt.createCanonicalRequest(req, false, '/jira'), 'GET&/rest/api/2/project/jira&x=y');
+        done();
+    });
+
     // If the separator is not URL encoded then the following URLs have the same query-string-hash:
@@ -104,3 +128,3 @@ //   https://djtest9.jira-dev.com/rest/api/2/project&a=b?x=y
                 method: 'post',
-                path: '/rest/api/2/project&a=b',
+                baseUrl: '/rest/api/2/project&a=b',
                 query: qs.parse('x=y'),
@@ -111,3 +135,3 @@ body: ''
                 method: 'post',
-                path: '/rest/api/2/project',
+                baseUrl: '/rest/api/2/project',
                 query: qs.parse('a=b&x=y'),
@@ -124,3 +148,3 @@ body: ''
                 method: 'post',
-                path: '/rest/api/2/project&a=b',
+                baseUrl: '/rest/api/2/project&a=b',
                 query: qs.parse('x=y'),
@@ -137,3 +161,3 @@ body: ''
                 method: 'post',
-                path: '/rest/api/2/project&a=b&c=d',
+                baseUrl: '/rest/api/2/project&a=b&c=d',
                 query: qs.parse('x=y'),
@@ -153,3 +177,3 @@ body: ''
                 method: 'get',
-                path: '/path'
+                baseUrl: '/path'
             };
@@ -179,3 +203,3 @@ var expectedHash = "799be84a7fa35570087163c0cd9af3abff7ac05c2c12ba0bb1d7eebc984b3ac2";
                 method: 'get',
-                path: '/'
+                baseUrl: '/'
             };
@@ -193,3 +217,3 @@ var expectedHash = "c88caad15a1c1a900b8ac08aa9686f4e8184539bea1deda36e2f649430df3239";
                 method: 'get',
-                path: '/hello-world',
+                baseUrl: '/hello-world',
                 query: qs.parse('lic=none&tz=Australia%2FSydney&cp=%2Fjira&user_key=&loc=en-US&user_id=&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODY5MTEzNTYsImlzcyI6ImppcmE6MTU0ODk1OTUiLCJxc2giOiI4MDYzZmY0Y2ExZTQxZGY3YmM5MGM4YWI2ZDBmNjIwN2Q0OTFjZjZkYWQ3YzY2ZWE3OTdiNDYxNGI3MTkyMmU5IiwiaWF0IjoxMzg2OTExMTc2fQ.rAsxpHv0EvpXkhjnZnSV14EXJgDx3KSQjgYRjfKnFt8&xdm_e=http%3A%2F%2Fstorm%3A2990&xdm_c=channel-servlet-hello-world&xdm_p=1')
@@ -208,3 +232,3 @@ };
                 method: 'post',
-                path: '/hello-world',
+                baseUrl: '/hello-world',
                 query: {},
@@ -224,3 +248,3 @@ body: qs.parse('lic=none&tz=Australia%2FSydney&cp=%2Fjira&user_key=&loc=en-US&user_id=&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODY5MTEzNTYsImlzcyI6ImppcmE6MTU0ODk1OTUiLCJxc2giOiI4MDYzZmY0Y2ExZTQxZGY3YmM5MGM4YWI2ZDBmNjIwN2Q0OTFjZjZkYWQ3YzY2ZWE3OTdiNDYxNGI3MTkyMmU5IiwiaWF0IjoxMzg2OTExMTc2fQ.rAsxpHv0EvpXkhjnZnSV14EXJgDx3KSQjgYRjfKnFt8&xdm_e=http%3A%2F%2Fstorm%3A2990&xdm_c=channel-servlet-hello-world&xdm_p=1')
                 method: 'post',
-                path: '/hello-world',
+                baseUrl: '/hello-world',
                 query: {},
@@ -227,0 +251,0 @@ body: qs.parse('lic=none&tz=Australia%2FSydney&cp=%2Fjira&user_key=&loc=en-US&user_id=&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODY5MTEzNTYsImlzcyI6ImppcmE6MTU0ODk1OTUiLCJxc2giOiI4MDYzZmY0Y2ExZTQxZGY3YmM5MGM4YWI2ZDBmNjIwN2Q0OTFjZjZkYWQ3YzY2ZWE3OTdiNDYxNGI3MTkyMmU5IiwiaWF0IjoxMzg2OTExMTc2fQ.rAsxpHv0EvpXkhjnZnSV14EXJgDx3KSQjgYRjfKnFt8&xdm_e=http%3A%2F%2Fstorm%3A2990&xdm_c=channel-servlet-hello-world&xdm_p=1')

test/signed_url_interoperability_test.js

@@ -48,3 +48,3 @@ /**
                 method: "GET",
-                path: uri.path(),
+                baseUrl: uri.path(),
                 query: queryString
@@ -51,0 +51,0 @@ };

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

64498

increased by2.04%

Lines of code

855

increased by3.39%

No dependency changes