express-jwt - npm Package Compare versions

Comparing version 0.2.2 to 0.3.0

36

lib/index.js
var jwt = require('jsonwebtoken');
var UnauthorizedError = require('./errors/UnauthorizedError');
var unless = require('express-unless');

@@ -7,25 +8,30 @@ module.exports = function(options) {

return function(req, res, next) {
var middleware = function(req, res, next) {
var token;
if (req.method === 'OPTIONS' && req.headers.hasOwnProperty('access-control-request-headers')) {
for (var ctrlReqs = req.headers['access-control-request-headers'].split(','),i=0;
i < ctrlReqs.length; i++) {
if (ctrlReqs[i].indexOf('authorization') != -1)
return next();
}
var hasAuthInAccessControl = !!~req.headers['access-control-request-headers']
.split(',').map(function (header) {
return header.trim();
}).indexOf('authorization');
if (hasAuthInAccessControl) {
return next();
}
}
if (typeof options.skip !== 'undefined') {
console.warn('WARN: express-jwt: options.skip is deprecated');
console.warn('WARN: use app.use(jwt(options).unless({path: \'/x\'}))');
if (options.skip.indexOf(req.url) > -1) {
return next();
}
}
}
if (req.headers && req.headers.authorization) {
var parts = req.headers.authorization.split(' ');
if (parts.length == 2) {
var scheme = parts[0]
, credentials = parts[1];
var scheme = parts[0];
var credentials = parts[1];
if (/^Bearer$/i.test(scheme)) {

@@ -48,2 +54,6 @@ token = credentials;

};
middleware.unless = unless;
return middleware;
};
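Review bot: The rewritten preflight check compares each trimmed entry of `access-control-request-headers` to the literal `'authorization'`, so a preflight that spells the name `Authorization` does not short-circuit and falls through to the token check; header names are case-insensitive, so the map callback should normalise, e.g. `return header.trim().toLowerCase();`. The same branch calls `req.headers.hasOwnProperty(...)` without the `req.headers &&` guard that the authorization lookup further down uses, so the two should be made consistent. Because this branch calls `next()` without verifying any token, it deserves a comment such as `// CORS preflight: no token is verified here, handlers reachable via OPTIONS must not rely on an authenticated user`. The two `console.warn` calls for `options.skip` run on every request; emitting them once in the outer `module.exports` function, before `middleware` is created, would keep logs readable. The middleware body continues outside the visible hunks.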
{
"name": "express-jwt",
"version": "0.2.2",
"version": "0.3.0",
"description": "JWT authentication middleware.",

@@ -37,2 +37,3 @@ "keywords": [

"dependencies": {
"express-unless": "0.0.0",
"jsonwebtoken": "~0.4.1"

@@ -39,0 +40,0 @@ },

@@ -13,4 +13,3 @@ var jwt = require('jsonwebtoken');

expressjwt();
}
catch(e) {
} catch(e) {
assert.ok(e);

@@ -28,2 +27,20 @@ assert.equal(e.message, 'secret should be set');

it('support unless skip', function() {
req.originalUrl = '/index.html';
expressjwt({secret: 'shhhh'}).unless({path: '/index.html'})(req, res, function(err) {
assert.ok(!err);
});
});
it('should skip on CORS preflight', function() {
var corsReq = {};
corsReq.method = 'OPTIONS';
corsReq.headers = {
'access-control-request-headers': 'sasa, sras, authorization'
};
expressjwt({secret: 'shhhh'})(corsReq, res, function(err) {
assert.ok(!err);
});
});
it('should throw if authorization header is malformed', function() {

@@ -50,3 +67,3 @@ req.headers = {};

var token = jwt.sign({foo: 'bar'}, secret);
req.headers = {};

@@ -64,3 +81,3 @@ req.headers.authorization = 'Bearer ' + token;

var token = jwt.sign({foo: 'bar', aud: 'expected-audience'}, secret);
req.headers = {};

@@ -78,3 +95,3 @@ req.headers.authorization = 'Bearer ' + token;

var token = jwt.sign({foo: 'bar', exp: 1382412921 }, secret);
req.headers = {};

@@ -92,3 +109,3 @@ req.headers.authorization = 'Bearer ' + token;

var token = jwt.sign({foo: 'bar', iss: 'http://foo' }, secret);
req.headers = {};

@@ -113,3 +130,3 @@ req.headers.authorization = 'Bearer ' + token;

var token = jwt.sign({foo: 'bar'}, secret);
req.headers = {};

@@ -116,0 +133,0 @@ req.headers.authorization = 'Bearer ' + token;
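Review bot: Both new tests ('support unless skip' and 'should skip on CORS preflight') place their only assertion inside the `next` callback, so they pass without checking anything if the middleware never calls `next`; record the call and assert it afterwards, e.g. `var called = false;` set to `true` in the callback and followed by `assert.ok(called);`. The preflight test covers only a lowercase `authorization` entry with leading whitespace; a case with `Authorization` and a case where the list omits the header would pin down when verification is skipped. `req.originalUrl = '/index.html'` is written on what appears to be a `req` object shared across tests and is not reset afterwards.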
