authorized-rules
Comparing version 0.3.0 to 0.4.0
@@ -50,5 +50,10 @@ "use strict"; | ||
case 0: | ||
token = parseToken(jwtToken); | ||
try { | ||
token = parseToken(jwtToken); | ||
} | ||
catch (e) { | ||
throw http_errors_1.default(403, 'invalid token: parse failed'); | ||
} | ||
if (!token.iss) { | ||
throw http_errors_1.default(403, 'invalid token (missing issuer)'); | ||
throw http_errors_1.default(403, 'invalid token: missing issuer'); | ||
} | ||
@@ -59,3 +64,3 @@ return [4 /*yield*/, executionRule(token)]; | ||
if (!ruleResult.passed) { | ||
throw http_errors_1.default(403, 'Operation not authorized'); | ||
throw http_errors_1.default(403, 'operation not authorized'); | ||
} | ||
@@ -62,0 +67,0 @@ return [2 /*return*/]; |
{ | ||
"name": "authorized-rules", | ||
"version": "0.3.0", | ||
"version": "0.4.0", | ||
"description": "", | ||
@@ -5,0 +5,0 @@ "main": "dist/index.js", |
@@ -26,6 +26,12 @@ import jwtDecoder from 'jwt-decode'; | ||
): Promise<void> => { | ||
const token = parseToken(jwtToken); | ||
let token: JwtToken; | ||
try { | ||
token = parseToken(jwtToken); | ||
} | ||
catch (e) { | ||
throw createError(403, 'invalid token: parse failed'); | ||
} | ||
if (!token.iss) { | ||
throw createError(403, 'invalid token (missing issuer)'); | ||
throw createError(403, 'invalid token: missing issuer'); | ||
} | ||
@@ -35,3 +41,3 @@ | ||
if (!ruleResult.passed) { | ||
throw createError(403, 'Operation not authorized'); | ||
throw createError(403, 'operation not authorized'); | ||
} | ||
@@ -38,0 +44,0 @@ }; |
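Review bot: The new `invalid token: parse failed` branch rejects only tokens that cannot be decoded, and nothing in this section verifies the token's signature before `token.iss` and the rule result are trusted. The hunk header shows the file imports `jwt-decode`, which decodes without verifying, so if `parseToken` (defined outside the hunk) is built on it, the rules run on claims nobody has authenticated. Either verify the signature here or state the precondition above the `try`, for example `// jwtToken must already be signature-verified by the caller; parseToken only decodes it`. Separately, the `try` covers only the parse, so a token whose payload decodes to a non-object would reach `token.iss` outside it and surface as a TypeError instead of a 403; `if (!token || !token.iss) {` closes that. The enclosing function starts before the hunk.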
@@ -50,3 +50,14 @@ import * as jwt from 'jsonwebtoken'; | ||
}); | ||
it('should throw 403 when token in invalid ', async () => { | ||
const rule1 = createRule('rule1', false); | ||
try { | ||
await authorize('stam', and([rule1()])); | ||
fail(); | ||
} catch (e) { | ||
expect(e.status).toBe(403); | ||
} | ||
}); | ||
}); | ||
}); |
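Review bot: The new test asserts only `e.status`, so it cannot distinguish the parse-failure path from the other 403 branches in `authorize`; `rule1` is created with `false` (presumably a failing rule), and the missing-issuer and rule-failure branches also return 403. Pin the branch with `expect(e.message).toBe('invalid token: parse failed');` after the status check. `fail()` sits inside the `try`, so its error lands in the same `catch` and the test then fails on `e.status` being undefined, which hides the real reason. The title also reads `token in invalid ` where `token is invalid` is meant.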
Sorry, the diff of this file is not supported yet