express-jwt
Advanced tools
express-jwt - npm Package Compare versions
Comparing version 5.0.0 to 5.1.0
@@ -7,7 +7,6 @@ var jwt = require('jsonwebtoken'); | ||
| var DEFAULT_REVOKED_FUNCTION = function(_, __, cb) { return cb(null, false); } | ||
| var DEFAULT_REVOKED_FUNCTION = function(_, __, cb) { return cb(null, false); }; | ||
| var getClass = {}.toString; | ||
| function isFunction(object) { | ||
| return object && getClass.call(object) == '[object Function]'; | ||
| return Object.prototype.toString.call(object) === '[object Function]'; | ||
| } | ||
@@ -64,3 +63,7 @@ | ||
| } else { | ||
| return next(new UnauthorizedError('credentials_bad_scheme', { message: 'Format is Authorization: Bearer [token]' })); | ||
| if (credentialsRequired) { | ||
| return next(new UnauthorizedError('credentials_bad_scheme', { message: 'Format is Authorization: Bearer [token]' })); | ||
| } else { | ||
| return next(); | ||
| } | ||
| } | ||
@@ -80,4 +83,10 @@ } else { | ||
| var dtoken = jwt.decode(token, { complete: true }) || {}; | ||
| var dtoken; | ||
| try { | ||
| dtoken = jwt.decode(token, { complete: true }) || {}; | ||
| } catch (err) { | ||
| return next(new UnauthorizedError('invalid_token', err)); | ||
| } | ||
| async.waterfall([ | ||
@@ -84,0 +93,0 @@ function getSecret(callback){ |
| { | ||
| "name": "express-jwt", | ||
| "version": "5.0.0", | ||
| "version": "5.1.0", | ||
| "description": "JWT authentication middleware.", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -63,2 +63,10 @@ var jwt = require('jsonwebtoken'); | ||
| it('should next if authorization header is not Bearer and credentialsRequired is false', function() { | ||
| req.headers = {}; | ||
| req.headers.authorization = 'Basic foobar'; | ||
| expressjwt({secret: 'shhhh', credentialsRequired: false})(req, res, function(err) { | ||
| assert.ok(typeof err === 'undefined'); | ||
| }); | ||
| }); | ||
| it('should throw if authorization header is not well-formatted jwt', function() { | ||
@@ -73,2 +81,11 @@ req.headers = {}; | ||
| it('should throw if jwt is an invalid json', function() { | ||
| req.headers = {}; | ||
| req.headers.authorization = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.yJ1c2VybmFtZSI6InNhZ3VpYXIiLCJpYXQiOjE0NzEwMTg2MzUsImV4cCI6MTQ3MzYxMDYzNX0.foo'; | ||
| expressjwt({secret: 'shhhh'})(req, res, function(err) { | ||
| assert.ok(err); | ||
| assert.equal(err.code, 'invalid_token'); | ||
| }); | ||
| }); | ||
| it('should throw if authorization header is not valid jwt', function() { | ||
@@ -109,2 +126,3 @@ var secret = 'shhhhhh'; | ||
| assert.equal(err.code, 'invalid_token'); | ||
| assert.equal(err.inner.name, 'TokenExpiredError'); | ||
| assert.equal(err.message, 'jwt expired'); | ||
@@ -111,0 +129,0 @@ }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.57%
27753
- Lines of code
- increased by4.98%
506
No dependency changes