express-jwt - npm Package Compare versions

Comparing version 0.4.0 to 0.5.0

lib/errors/UnauthorizedError.js

 function UnauthorizedError (code, error) {
   Error.call(this, error.message);
+  Error.captureStackTrace(this, this.constructor);
   this.name = "UnauthorizedError";
@@ -4,0 +5,0 @@ this.message = error.message;

lib/index.js

@@ -43,3 +43,6 @@ var jwt = require('jsonwebtoken');
       }
-    } else {
+    } else if (options.credentialsRequired === false) {
+      return next();
+    }
+    else {
       return next(new UnauthorizedError('credentials_required', { message: 'No Authorization header was found' }));
@@ -46,0 +49,0 @@ }

package.json

 {
   "name": "express-jwt",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "JWT authentication middleware.",
@@ -5,0 +5,0 @@ "keywords": [

README.md

@@ -5,6 +5,6 @@ # express-jwt
 
-Middleware that validates JsonWebTokens and set `req.user`.
+Middleware that validates JsonWebTokens and sets `req.user`.
 
-This module lets you authenticate HTTP requests using JWT tokens, in your Node.js
-applications.  JWT tokens are typically used protect API endpoints, and are
+This module lets you authenticate HTTP requests using JWT tokens in your Node.js
+applications.  JWTs are typically used protect API endpoints, and are
 often issued using OpenID Connect.
@@ -18,4 +18,5 @@
 
-The JWT authentication middleware authenticates callers using a JWT
-token.  If the token is valid, `req.user` will be set with the JSON object decoded to be used by later middleware for authorization and access control.
+The JWT authentication middleware authenticates callers using a JWT.
+If the token is valid, `req.user` will be set with the JSON object decoded
+to be used by later middleware for authorization and access control.
 
@@ -80,2 +81,10 @@ For example,
 
+You might want to use this module to identify registered users without preventing unregistered clients to access to some data, you
+can do it using the option _credentialsRequired_:
+
+    app.use(jwt({ 
+      secret: 'hello world !',
+      credentialsRequired: false
+    }));
+
 ## Related Modules
@@ -82,0 +91,0 @@

test/jwt.test.js

@@ -19,4 +19,4 @@ var jwt = require('jsonwebtoken');
 
-  it('should throw if no authorization header', function() {
-    expressjwt({secret: 'shhhh'})(req, res, function(err) {
+  it('should throw if no authorization header and credentials are required', function() {
+    expressjwt({secret: 'shhhh', credentialsRequired: true})(req, res, function(err) {
       assert.ok(err);
@@ -144,2 +144,9 @@ assert.equal(err.code, 'credentials_required');
 
+  it('should work if no authorization header and credentials are not required', function() {
+    req = {};
+    expressjwt({secret: 'shhhh', credentialsRequired: false})(req, res, function(err) {
+      assert(typeof err === 'undefined');
+    });
+  });
+
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

10694

increased by7.03%

Lines of code

187

increased by5.65%

Number of lines in readme file

105

increased by9.38%

No dependency changes