express-jwt - npm Package Compare versions

Comparing version 3.4.0 to 5.0.0

lib/index.js

@@ -48,10 +48,2 @@ var jwt = require('jsonwebtoken');
 
-    if (typeof options.skip !== 'undefined') {
-      console.warn('WARN: express-jwt: options.skip is deprecated');
-      console.warn('WARN: use app.use(jwt(options).unless({path: \'/x\'}))');
-      if (options.skip.indexOf(req.url) > -1) {
-        return next();
-      }
-    }
-
     if (options.getToken && typeof options.getToken === 'function') {
@@ -100,3 +92,3 @@ try {
         jwt.verify(token, secret, options, function(err, decoded) {
-          if (err && credentialsRequired) {
+          if (err) {
             callback(new UnauthorizedError('invalid_token', err));
@@ -129,4 +121,5 @@ } else {
   middleware.unless = unless;
+  middleware.UnauthorizedError = UnauthorizedError;
 
   return middleware;
 };

package.json

 {
   "name": "express-jwt",
-  "version": "3.4.0",
+  "version": "5.0.0",
   "description": "JWT authentication middleware.",
@@ -39,3 +39,3 @@ "keywords": [
     "express-unless": "^0.3.0",
-    "jsonwebtoken": "^5.0.0",
+    "jsonwebtoken": "~6.2.0",
     "lodash.set": "^4.0.0"
@@ -42,0 +42,0 @@ },

README.md

@@ -185,2 +185,3 @@ # express-jwt
 - [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) — JSON Web Token sign and verification
+- [express-jwt-permissions](https://github.com/MichielDeMey/express-jwt-permissions) - Permissions middleware for JWT tokens
 
@@ -187,0 +188,0 @@ ## Tests

test/jwt.test.js

@@ -162,2 +162,28 @@ var jwt = require('jsonwebtoken');
 
+  it('should throw error if token is expired even with when credentials are not required', function() {
+      var secret = 'shhhhhh';
+      var token = jwt.sign({foo: 'bar', exp: 1382412921}, secret);
+
+      req.headers = {};
+      req.headers.authorization = 'Bearer ' + token;
+      expressjwt({ secret: secret, credentialsRequired: false })(req, res, function(err) {
+          assert.ok(err);
+          assert.equal(err.code, 'invalid_token');
+          assert.equal(err.message, 'jwt expired');
+      });
+  });
+
+  it('should throw error if token is invalid even with when credentials are not required', function() {
+      var secret = 'shhhhhh';
+      var token = jwt.sign({foo: 'bar', exp: 1382412921}, secret);
+
+      req.headers = {};
+      req.headers.authorization = 'Bearer ' + token;
+      expressjwt({ secret: "not the secret", credentialsRequired: false })(req, res, function(err) {
+          assert.ok(err);
+          assert.equal(err.code, 'invalid_token');
+          assert.equal(err.message, 'invalid signature');
+      });
+  });
+
 });
@@ -220,14 +246,2 @@
 
-  it('should work if token is expired and credentials are not required', function() {
-    var secret = 'shhhhhh';
-    var token = jwt.sign({foo: 'bar', exp: 1382412921}, secret);
-
-    req.headers = {};
-    req.headers.authorization = 'Bearer ' + token;
-    expressjwt({ secret: secret, credentialsRequired: false })(req, res, function(err) {
-      assert(typeof err === 'undefined');
-      assert(typeof req.user === 'undefined')
-    });
-  });
-
   it('should not work if no authorization header', function() {
@@ -234,0 +248,0 @@ req = {};

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26797

increased by1.81%

Lines of code

482

increased by1.26%

Number of lines in readme file

206

increased by0.49%

Dependency changes

• + Addedhoek@2.16.3(transitive)

• + Addedisemail@1.2.0(transitive)

• + Addedjoi@6.10.1(transitive)

• + Addedjsonwebtoken@6.2.0(transitive)

• + Addedmoment@2.30.1(transitive)

• + Addedtopo@1.1.0(transitive)

• - Removedjsonwebtoken@5.7.0(transitive)

• Updatedjsonwebtoken@~6.2.0