jose - npm Package Compare versions

Comparing version 1.16.1 to 1.16.2

CHANGELOG.md

@@ -5,2 +5,11 @@ # Change Log
 
+## [1.16.2](https://github.com/panva/jose/compare/v1.16.1...v1.16.2) (2019-12-05)
+
+
+### Bug Fixes
+
+* handle Unencoded Payload (b64:false) with arbitrary buffer payloads ([daabedc](https://github.com/panva/jose/commit/daabedc776617f4fde427b3a5e79d8c176293132)), closes [#57](https://github.com/panva/jose/issues/57)
+
+
+
 ## [1.16.1](https://github.com/panva/jose/compare/v1.16.0...v1.16.1) (2019-12-05)
@@ -7,0 +16,0 @@

lib/jws/serializers.js

@@ -53,3 +53,3 @@ const isObject = require('../help/is_object')
 const isJSON = (input) => {
-  return isObject(input) && typeof input.payload === 'string'
+  return isObject(input) && (typeof input.payload === 'string' || Buffer.isBuffer(input.payload))
 }
@@ -56,0 +56,0 @@

lib/jws/sign.js

@@ -28,2 +28,3 @@ const base64url = require('../help/base64url')
       payload = base64url.encodeBuffer(payload)
+      i(this).binary = true
     } else if (isObject(payload)) {
@@ -101,3 +102,7 @@ payload = base64url.JSON.encode(payload)
       if (!joseHeader.protected.b64) {
-        i(this).payload = base64url.decode(i(this).payload)
+        if (i(this).binary) {
+          i(this).payload = base64url.decodeToBuffer(i(this).payload)
+        } else {
+          i(this).payload = base64url.decode(i(this).payload)
+        }
       }
@@ -108,3 +113,9 @@ }
     recipient.protected = Object.keys(joseHeader.protected).length ? base64url.JSON.encode(joseHeader.protected) : ''
-    recipient.signature = base64url.encodeBuffer(sign(alg, key, Buffer.from(`${recipient.protected}.${i(this).payload}`)))
+
+    const toBeSigned = Buffer.concat([
+      Buffer.from(recipient.protected || ''),
+      Buffer.from('.'),
+      Buffer.isBuffer(i(this).payload) ? i(this).payload : Buffer.from(i(this).payload)
+    ])
+    recipient.signature = base64url.encodeBuffer(sign(alg, key, toBeSigned))
   }
@@ -111,0 +122,0 @@

lib/jws/verify.js

@@ -123,3 +123,8 @@ const base64url = require('../help/base64url')
 
-    if (!verify(alg, key, Buffer.from([prot, payload].join('.')), base64url.decodeToBuffer(signature))) {
+    const toBeVerified = Buffer.concat([
+      Buffer.from(prot || ''),
+      Buffer.from('.'),
+      Buffer.isBuffer(payload) ? payload : Buffer.from(payload)
+    ])
+    if (!verify(alg, key, toBeVerified, base64url.decodeToBuffer(signature))) {
       throw new errors.JWSVerificationFailed()
@@ -126,0 +131,0 @@ }

package.json

 {
   "name": "jose",
-  "version": "1.16.1",
+  "version": "1.16.2",
   "description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

213146

increased by0.38%

Lines of code

4660

increased by0.32%

No dependency changes