jsonwebtoken
Advanced tools
jsonwebtoken - npm Package Compare versions
Comparing version 0.2.0 to 0.3.0
20
index.js
| var jws = require('jws'); | ||
| var moment = require('moment'); | ||
@@ -12,5 +11,10 @@ module.exports.decode = function (jwt) { | ||
| var header = {typ: 'JWT', alg: options.algorithm || 'HS256'}; | ||
| if (options.expiresInMinutes) | ||
| payload.exp = moment().add('minutes', options.expiresInMinutes).utc().unix(); | ||
| payload.iat = Date.now(); | ||
| if (options.expiresInMinutes) { | ||
| var ms = options.expiresInMinutes * 60 * 1000; | ||
| payload.exp = payload.iat + ms; | ||
| } | ||
| if (options.audience) | ||
@@ -25,4 +29,2 @@ payload.aud = options.audience; | ||
| payload.iat = moment().utc().unix(); | ||
| var signed = jws.sign({header: header, payload: payload, secret: secretOrPrivateKey}); | ||
@@ -51,7 +53,7 @@ | ||
| if (payload.exp) { | ||
| if (moment().utc().unix() >= payload.exp) | ||
| if (Date.now() >= payload.exp) | ||
| return callback(new Error('jwt expired')); | ||
| } | ||
| if (payload.aud && options.audience) { | ||
| if (options.audience) { | ||
| if (payload.aud !== options.audience) | ||
@@ -61,3 +63,3 @@ return callback(new Error('jwt audience invalid. expected: ' + payload.aud)); | ||
| if (payload.iss && options.issuer) { | ||
| if (options.issuer) { | ||
| if (payload.iss !== options.issuer) | ||
@@ -69,3 +71,1 @@ return callback(new Error('jwt issuer invalid. expected: ' + payload.iss)); | ||
| }; | ||
| { | ||
| "name": "jsonwebtoken", | ||
| "version": "0.2.0", | ||
| "version": "0.3.0", | ||
| "description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -22,4 +22,3 @@ "main": "index.js", | ||
| "dependencies": { | ||
| "jws": "~0.2.2", | ||
| "moment": "~2.0.0" | ||
| "jws": "~0.2.2" | ||
| }, | ||
@@ -26,0 +25,0 @@ "devDependencies": { |
@@ -42,2 +42,3 @@ # jsonwebtoken [](http://travis-ci.org/auth0/node-jsonwebtoken) | ||
| // sign with default (HMAC SHA256) | ||
| var jwt = require('jsonwebtoken'); | ||
| var token = jwt.sign({ foo: 'bar' }, 'shhhhh'); | ||
@@ -44,0 +45,0 @@ |
@@ -15,3 +15,3 @@ var jwt = require('../index'); | ||
| var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' }); | ||
| it('should be syntactically valid', function() { | ||
@@ -44,3 +44,3 @@ expect(token).to.be.a('string'); | ||
| var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: 10 }); | ||
| it('should be valid expiration', function(done) { | ||
@@ -69,5 +69,5 @@ jwt.verify(token, pub, function(err, decoded) { | ||
| var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', audience: 'urn:foo' }); | ||
| it('should check audience', function(done) { | ||
| jwt.verify(token, pub, function(err, decoded) { | ||
| jwt.verify(token, pub, { audience: 'urn:foo' }, function(err, decoded) { | ||
| assert.isNotNull(decoded); | ||
@@ -89,5 +89,18 @@ assert.isNull(err); | ||
| describe('when signing a token without audience', function() { | ||
| var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' }); | ||
| it('should check audience', function(done) { | ||
| jwt.verify(token, pub, { audience: 'urn:wrong' }, function(err, decoded) { | ||
| assert.isUndefined(decoded); | ||
| assert.isNotNull(err); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| describe('when signing a token with issuer', function() { | ||
| var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', issuer: 'urn:foo' }); | ||
| it('should check issuer', function() { | ||
@@ -108,2 +121,13 @@ jwt.verify(token, pub, { issuer: 'urn:foo' }, function(err, decoded) { | ||
| describe('when signing a token without issuer', function() { | ||
| var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' }); | ||
| it('should check issuer', function() { | ||
| jwt.verify(token, pub, { issuer: 'urn:foo' }, function(err, decoded) { | ||
| assert.isUndefined(decoded); | ||
| assert.isNotNull(err); | ||
| }); | ||
| }); | ||
| }); | ||
| describe('when verifying a malformed token', function() { | ||
@@ -120,2 +144,2 @@ it('should throw', function(done) { | ||
| }); | ||
| }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.46%
15987
- Dependency count
- decreased by-50%
1
- Lines of code
- increased by12.88%
184
- Number of lines in readme file
- increased by0.82%
123
- Number of medium supply chain risk alerts
- decreased by-100%
0
Dependency changes
- Removedmoment@~2.0.0
- Removedmoment@2.0.0(transitive)