fast-jwt - npm Package Compare versions
Comparing version 1.3.0 to 1.3.1
| { | ||
| "name": "fast-jwt", | ||
| "version": "1.3.0", | ||
| "version": "1.3.1", | ||
| "description": "Fast JSON Web Token implementation", | ||
@@ -5,0 +5,0 @@ "author": "NearForm Ltd", |
@@ -45,3 +45,3 @@ # fast-jwt | ||
| If the `key` is a passphrase protected private key, then it must be an object with the following structure: | ||
| If the `key` is a passphrase protected private key, the `algorithm` option must be provided and must be either a `RS*` or `ES*` encoded key and the `key` option must be an object with the following structure: | ||
| ```js | ||
@@ -48,0 +48,0 @@ { |
@@ -103,3 +103,3 @@ 'use strict' | ||
| function performDetectPrivateKeyAlgoritm(key) { | ||
| function performDetectPrivateKeyAlgorithm(key) { | ||
| if (key.includes(publicKeyPemMatcher)) { | ||
@@ -120,4 +120,3 @@ throw new TokenError(TokenError.codes.invalidKey, 'Public keys are not supported for signing.') | ||
| switch (pemData[1]) { | ||
| case 'RSA': // pkcs1 format - Can only be RSA or an ENCRYPTED (RSA) key | ||
| case 'ENCRYPTED': | ||
| case 'RSA': // pkcs1 format - Can only be RSA key | ||
| return 'RS256' | ||
@@ -128,2 +127,4 @@ case 'EC': // sec1 format - Can only be a EC key | ||
| break | ||
| case 'ENCRYPTED': // Can be either RSA or EC key - we'll used the supplied algorithm | ||
| return 'ENCRYPTED' | ||
| default: | ||
@@ -192,3 +193,3 @@ // pkcs8 | ||
| function detectPrivateKeyAlgorithm(key) { | ||
| function detectPrivateKeyAlgorithm(key, providedAlgorithm) { | ||
| if (key instanceof Buffer) { | ||
@@ -211,10 +212,10 @@ key = key.toString('utf-8') | ||
| try { | ||
| return cacheSet(privateKeysCache, key, performDetectPrivateKeyAlgoritm(key)) | ||
| const detectedAlgorithm = performDetectPrivateKeyAlgorithm(key) | ||
| if (detectedAlgorithm === 'ENCRYPTED') { | ||
| return cacheSet(privateKeysCache, key, providedAlgorithm) | ||
| } | ||
| return cacheSet(privateKeysCache, key, detectedAlgorithm) | ||
| } catch (e) { | ||
| throw cacheSet( | ||
| privateKeysCache, | ||
| key, | ||
| null, | ||
| TokenError.wrap(e, TokenError.codes.invalidKey, 'Unsupported PEM private key.') | ||
| ) | ||
| throw cacheSet(privateKeysCache, key, null, TokenError.wrap(e, TokenError.codes.invalidKey, 'Unsupported PEM private key.')) | ||
| } | ||
@@ -221,0 +222,0 @@ } |
@@ -28,8 +28,9 @@ 'use strict' | ||
| // If the key is passphrase encrypted (actual === "ENCRYPTED") only RS and ES algos are supported | ||
| if (expectedType === 'RS' || expectedType === 'PS') { | ||
| // RS and PS use same keys | ||
| valid = actualType === 'RS' | ||
| valid = actualType === 'RS' || (expectedType === 'RS' && actual === 'ENCRYPTED') | ||
| } else if (expectedType === 'ES' || expectedType === 'Ed') { | ||
| // ES and Ed must match | ||
| valid = expectedType === actualType | ||
| valid = expectedType === actualType || (expectedType === 'ES' && actual === 'ENCRYPTED') | ||
| } | ||
@@ -148,3 +149,3 @@ | ||
| // Detect the private key - If the algorithm was known, just verify they match, otherwise assign it | ||
| const availableAlgorithm = detectPrivateKeyAlgorithm(currentKey) | ||
| const availableAlgorithm = detectPrivateKeyAlgorithm(currentKey, algorithm) | ||
@@ -210,3 +211,3 @@ if (algorithm) { | ||
| const keyType = typeof key | ||
| const isKeyPasswordProtected = (keyType === 'object') && key && key.key && key.passphrase | ||
| const isKeyPasswordProtected = keyType === 'object' && key && key.key && key.passphrase | ||
@@ -220,3 +221,6 @@ if (algorithm === 'none') { | ||
| } | ||
| } else if (!key || (keyType !== 'string' && !(key instanceof Buffer) && keyType !== 'function' && !isKeyPasswordProtected)) { | ||
| } else if ( | ||
| !key || | ||
| (keyType !== 'string' && !(key instanceof Buffer) && keyType !== 'function' && !isKeyPasswordProtected) | ||
| ) { | ||
| throw new TokenError( | ||
@@ -226,2 +230,7 @@ TokenError.codes.invalidOption, | ||
| ) | ||
| } else if (isKeyPasswordProtected && !algorithm) { | ||
| throw new TokenError( | ||
| TokenError.codes.invalidAlgorithm, | ||
| 'When using password protected key you must provide the algorithm option.' | ||
| ) | ||
| } | ||
@@ -232,3 +241,3 @@ | ||
| // Detect the private key - If the algorithm was known, just verify they match, otherwise assign it | ||
| const availableAlgorithm = detectPrivateKeyAlgorithm(isKeyPasswordProtected ? key.key : key) | ||
| const availableAlgorithm = detectPrivateKeyAlgorithm(isKeyPasswordProtected ? key.key : key, algorithm) | ||
@@ -285,3 +294,5 @@ if (algorithm) { | ||
| const fpo = { jti, aud, iss, sub, nonce } | ||
| const fixedPayload = Object.keys(fpo).reduce((obj, key) => { return (fpo[key] !== undefined) ? Object.assign(obj, { [key]: fpo[key] }) : obj }, {}) | ||
| const fixedPayload = Object.keys(fpo).reduce((obj, key) => { | ||
| return fpo[key] !== undefined ? Object.assign(obj, { [key]: fpo[key] }) : obj | ||
| }, {}) | ||
@@ -288,0 +299,0 @@ // Return the signer |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.14%
84127
- Number of package files
- increased by9.09%
12
- Lines of code
- increased by0.94%
1183