
express-jwt - npm Package Compare versions

Comparing version 5.1.0 to 5.3.0

bin/changelog

4

lib/errors/UnauthorizedError.js
function UnauthorizedError (code, error) {
this.name = "UnauthorizedError";
this.message = error.message;
Error.call(this, error.message);
Error.captureStackTrace(this, this.constructor);
this.name = "UnauthorizedError";
this.message = error.message;
this.code = code;

@@ -7,0 +7,0 @@ this.status = 401;
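Review bot: The order of the assignments in `UnauthorizedError` is now load-bearing, but nothing in the constructor says so. On V8 the header of `err.stack` is built from `this.name` and `this.message` when `Error.captureStackTrace` runs, so, assuming the first `this.name`/`this.message` pair is the new side (the rendered page does not mark sides), moving them back below the capture would silently drop the failure reason again. I would add a comment above the capture such as `// name and message must be set before captureStackTrace so the stack header carries the failure reason`. Because the stack now begins with the verification failure text, the docs should also say that handlers log `err.stack` server-side and send the client only `err.code` or a generic 401 body. The constructor continues past the visible lines.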

@@ -31,2 +31,3 @@ var jwt = require('jsonwebtoken');

var _requestProperty = options.userProperty || options.requestProperty || 'user';
var _resultProperty = options.resultProperty;
var credentialsRequired = typeof options.credentialsRequired === 'undefined' ? true : options.credentialsRequired;

@@ -123,3 +124,7 @@

if (err) { return next(err); }
set(req, _requestProperty, result);
if (_resultProperty) {
set(res, _resultProperty, result);
} else {
set(req, _requestProperty, result);
}
next();

@@ -134,1 +139,3 @@ });

};
module.exports.UnauthorizedError = UnauthorizedError;
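Review bot: When `resultProperty` is set, the `if (_resultProperty)` branch writes the decoded token only to `res` and silently leaves `req[_requestProperty]` undefined, even if the caller also passed `userProperty` or `requestProperty`. Downstream authorization code that reads `req.user` would then see no identity, which with `credentialsRequired: false` is indistinguishable from an anonymous request. I would either reject the conflicting combination when the middleware is constructed, or at least document the precedence next to the declaration, e.g. `// resultProperty wins over userProperty/requestProperty: the payload is set on res only`. Both paths go through `set()` and accept nested property paths, so they should only ever come from static configuration, never from request data. The enclosing middleware function starts and ends outside these hunks.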
{
"name": "express-jwt",
"version": "5.1.0",
"version": "5.3.0",
"description": "JWT authentication middleware.",

@@ -39,6 +39,7 @@ "keywords": [

"express-unless": "^0.3.0",
"jsonwebtoken": "~6.2.0",
"jsonwebtoken": "^7.3.0",
"lodash.set": "^4.0.0"
},
"devDependencies": {
"conventional-changelog": "~1.1.0",
"mocha": "1.x.x"

@@ -45,0 +46,0 @@ },
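Review bot: The `jsonwebtoken` range changes both its major version and its operator, and this is the library that performs signature verification. Both `~6.2.0` and `^7.3.0` appear; the page does not mark sides, but the version field moving 5.1.0 to 5.3.0 suggests the caret range is the new one. A caret range accepts any later 7.x release at install time, so consumers get whatever verification behaviour is current unless a lockfile pins it. I would call out the major bump in the changelog and confirm the test suite exercises the rejection paths (bad signature, expired token, unexpected algorithm) against the new major, rather than shipping it unannounced in a minor release.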

@@ -74,2 +74,10 @@ # express-jwt

The token can also be attached to the `result` object with the `resultProperty` option. This option will override any `requestProperty`.
```javascript
jwt({ secret: publicKey, resultProperty: 'locals.user' });
```
Both `resultProperty` and `requestProperty` utilize [lodash.set](https://lodash.com/docs/4.17.2#set) and will accept nested property paths.
A custom function for extracting the token from a request can be specified with

@@ -178,6 +186,8 @@ the `getToken` option. This is useful if you need to pass the token through a

app.use(jwt({
secret: 'hello world !',
credentialsRequired: false
}));
```javascript
app.use(jwt({
secret: 'hello world !',
credentialsRequired: false
}));
```

@@ -184,0 +194,0 @@ ## Related Modules

@@ -256,2 +256,30 @@ var jwt = require('jsonwebtoken');

it('should set resultProperty if option provided', function() {
var secret = 'shhhhhh';
var token = jwt.sign({foo: 'bar'}, secret);
req = { };
res = { };
req.headers = {};
req.headers.authorization = 'Bearer ' + token;
expressjwt({secret: secret, resultProperty: 'locals.user'})(req, res, function() {
assert.equal('bar', res.locals.user.foo);
assert.ok(typeof req.user === 'undefined');
});
});
it('should ignore userProperty if resultProperty option provided', function() {
var secret = 'shhhhhh';
var token = jwt.sign({foo: 'bar'}, secret);
req = { };
res = { };
req.headers = {};
req.headers.authorization = 'Bearer ' + token;
expressjwt({secret: secret, userProperty: 'auth', resultProperty: 'locals.user'})(req, res, function() {
assert.equal('bar', res.locals.user.foo);
assert.ok(typeof req.auth === 'undefined');
});
});
it('should work if no authorization header and credentials are not required', function() {

@@ -271,2 +299,15 @@ req = {};

it('should produce a stack trace that includes the failure reason', function() {
var req = {};
var token = jwt.sign({foo: 'bar'}, 'secretA');
req.headers = {};
req.headers.authorization = 'Bearer ' + token;
expressjwt({secret: 'secretB'})(req, res, function(err) {
var index = err.stack.indexOf('UnauthorizedError: invalid signature')
assert.equal(index, 0, "Stack trace didn't include 'invalid signature' message.")
});
});
it('should work with a custom getToken function', function() {

@@ -273,0 +314,0 @@ var secret = 'shhhhhh';
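Review bot: All three added tests put their assertions inside the `next` callback and the `it` functions take no `done`, so if the middleware never calls `next` the test passes without asserting anything. For authentication middleware that is exactly the failure worth catching; declaring `function(done)` and ending each callback with `done();` turns a missing call into a timeout. In the stack-trace test `err` is dereferenced without a check, so `assert.ok(err);` before `err.stack.indexOf(...)` would give a clearer failure, and `res` is not defined in the visible lines, so it appears to come from an outer scope or an earlier test. The two `resultProperty` tests also assign `req = { }; res = { };` without `var`, unlike the third test's `var req = {};`.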
