jsonwebtoken
Comparing version 0.2.0 to 0.3.0
index.js
var jws = require('jws'); | ||
var moment = require('moment'); | ||
@@ -12,5 +11,10 @@ module.exports.decode = function (jwt) { | ||
var header = {typ: 'JWT', alg: options.algorithm || 'HS256'}; | ||
if (options.expiresInMinutes) | ||
payload.exp = moment().add('minutes', options.expiresInMinutes).utc().unix(); | ||
payload.iat = Date.now(); | ||
if (options.expiresInMinutes) { | ||
var ms = options.expiresInMinutes * 60 * 1000; | ||
payload.exp = payload.iat + ms; | ||
} | ||
if (options.audience) | ||
@@ -25,4 +29,2 @@ payload.aud = options.audience; | ||
payload.iat = moment().utc().unix(); | ||
var signed = jws.sign({header: header, payload: payload, secret: secretOrPrivateKey}); | ||
@@ -51,7 +53,7 @@ | ||
if (payload.exp) { | ||
if (moment().utc().unix() >= payload.exp) | ||
if (Date.now() >= payload.exp) | ||
return callback(new Error('jwt expired')); | ||
} | ||
if (payload.aud && options.audience) { | ||
if (options.audience) { | ||
if (payload.aud !== options.audience) | ||
@@ -61,3 +63,3 @@ return callback(new Error('jwt audience invalid. expected: ' + payload.aud)); | ||
if (payload.iss && options.issuer) { | ||
if (options.issuer) { | ||
if (payload.iss !== options.issuer) | ||
@@ -69,3 +71,1 @@ return callback(new Error('jwt issuer invalid. expected: ' + payload.iss)); | ||
}; | ||
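Review bot: `payload.iat = Date.now();` and `payload.exp = payload.iat + ms;` store both claims in milliseconds, whereas RFC 7519 defines `iat` and `exp` as NumericDate values in seconds. The `Date.now() >= payload.exp` check in verify is consistent with that inside this library, but a spec-following verifier would read such an `exp` as a date far in the future and effectively never expire the token, and tokens issued by 0.2.0 (seconds, via `moment().utc().unix()`) would be rejected here as already expired. Suggest `payload.iat = Math.floor(Date.now() / 1000);`, `payload.exp = payload.iat + options.expiresInMinutes * 60;` and comparing `Math.floor(Date.now() / 1000) >= payload.exp` in verify. The old/new sides are inferred from the removal of moment, since the page has lost its +/- markers, and the sign and verify bodies continue outside the hunks shown.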
{ | ||
"name": "jsonwebtoken", | ||
"version": "0.2.0", | ||
"version": "0.3.0", | ||
"description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -22,4 +22,3 @@ "main": "index.js", | ||
"dependencies": { | ||
"jws": "~0.2.2", | ||
"moment": "~2.0.0" | ||
"jws": "~0.2.2" | ||
}, | ||
@@ -26,0 +25,0 @@ "devDependencies": { |
@@ -42,2 +42,3 @@ # jsonwebtoken [![Build Status](https://secure.travis-ci.org/auth0/node-jsonwebtoken.png)](http://travis-ci.org/auth0/node-jsonwebtoken) | ||
// sign with default (HMAC SHA256) | ||
var jwt = require('jsonwebtoken'); | ||
var token = jwt.sign({ foo: 'bar' }, 'shhhhh'); | ||
@@ -44,0 +45,0 @@ |
@@ -15,3 +15,3 @@ var jwt = require('../index'); | ||
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' }); | ||
it('should be syntactically valid', function() { | ||
@@ -44,3 +44,3 @@ expect(token).to.be.a('string'); | ||
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: 10 }); | ||
it('should be valid expiration', function(done) { | ||
@@ -69,5 +69,5 @@ jwt.verify(token, pub, function(err, decoded) { | ||
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', audience: 'urn:foo' }); | ||
it('should check audience', function(done) { | ||
jwt.verify(token, pub, function(err, decoded) { | ||
jwt.verify(token, pub, { audience: 'urn:foo' }, function(err, decoded) { | ||
assert.isNotNull(decoded); | ||
@@ -89,5 +89,18 @@ assert.isNull(err); | ||
describe('when signing a token without audience', function() { | ||
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' }); | ||
it('should check audience', function(done) { | ||
jwt.verify(token, pub, { audience: 'urn:wrong' }, function(err, decoded) { | ||
assert.isUndefined(decoded); | ||
assert.isNotNull(err); | ||
done(); | ||
}); | ||
}); | ||
}); | ||
describe('when signing a token with issuer', function() { | ||
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', issuer: 'urn:foo' }); | ||
it('should check issuer', function() { | ||
@@ -108,2 +121,13 @@ jwt.verify(token, pub, { issuer: 'urn:foo' }, function(err, decoded) { | ||
describe('when signing a token without issuer', function() { | ||
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' }); | ||
it('should check issuer', function() { | ||
jwt.verify(token, pub, { issuer: 'urn:foo' }, function(err, decoded) { | ||
assert.isUndefined(decoded); | ||
assert.isNotNull(err); | ||
}); | ||
}); | ||
}); | ||
describe('when verifying a malformed token', function() { | ||
@@ -120,2 +144,2 @@ it('should throw', function(done) { | ||
}); | ||
}); |
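Review bot: The new 'when signing a token without issuer' test declares `function()` with no `done`, unlike the new audience test above it, so if `jwt.verify` ever invokes its callback asynchronously the two assertions run after mocha has already marked the test as passed and a regression in issuer enforcement would go unnoticed. Declare it as `it('should check issuer', function(done) {` and call `done();` after `assert.isNotNull(err);`. Whether verify calls back synchronously is not visible in this section, so this is a hardening of the test rather than a confirmed false pass.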
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
- Removed moment@~2.0.0
- Removed moment@2.0.0 (transitive)