jsonwebtoken
Comparing version 1.1.2 to 1.2.0
@@ -74,3 +74,7 @@ var jws = require('jws'); | ||
var audiences = Array.isArray(options.audience)? options.audience : [options.audience]; | ||
if (audiences.indexOf(payload.aud) < 0) | ||
var target = Array.isArray(payload.aud) ? payload.aud : [payload.aud]; | ||
var match = target.some(function(aud) { return audiences.indexOf(aud) != -1; }); | ||
if (!match) | ||
return callback(new JsonWebTokenError('jwt audience invalid. expected: ' + payload.aud)); | ||
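Review bot: The rejection message on the last line of this hunk labels `payload.aud` as "expected", but that is the audience the token presented; the value the verifier expected is `options.audience`. Now that `payload.aud` may be an array, the concatenation also prints it comma-joined under that wrong label, which will mislead anyone reading logs after a rejected token. I would change the line to `return callback(new JsonWebTokenError('jwt audience invalid. expected: ' + audiences.join(' or ')));` so the text names the configured audiences and stops echoing a token-supplied claim. The comparison in the `some` callback could also use `!== -1`. The enclosing verify function starts and ends outside the hunk, so it cannot be confirmed from here whether the signature has already been checked before this branch runs.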
@@ -77,0 +81,0 @@ } |
{ | ||
"name": "jsonwebtoken", | ||
"version": "1.1.2", | ||
"version": "1.2.0", | ||
"description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -178,3 +178,5 @@ # jsonwebtoken [![Build Status](https://secure.travis-ci.org/auth0/node-jsonwebtoken.png)](http://travis-ci.org/auth0/node-jsonwebtoken) | ||
## Issue Reporting | ||
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues. | ||
@@ -181,0 +183,0 @@ # TODO |
@@ -52,5 +52,7 @@ var jwt = require('../index'); | ||
it.only('should throw when the payload is not json', function(done) { | ||
it('should throw when the payload is not json', function(done) { | ||
var token = jwt.sign('bar', 'secret', { algorithm: 'HS256' }); | ||
jwt.verify(token, 'secret', function() { | ||
jwt.verify(token, 'secret', function(err, decoded) { | ||
assert.isUndefined(decoded); | ||
assert.isNotNull(err); | ||
done(); | ||
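Review bot: `assert.isNotNull(err)` in the rewritten callback also passes when `err` is `undefined`, so together with `assert.isUndefined(decoded)` this test stays green if verify calls back with no arguments at all for a non-JSON payload. `assert.ok(err)` or `assert.instanceOf(err, Error)` would pin the rejection. The same weakness applies to `assert.isNotNull(decoded)` in the success cases of the array-audience tests in the later hunk, where `assert.equal(decoded.foo, 'bar')` would prove that a verified payload actually came back. The closing lines of this `it` block are not shown in the hunk.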
@@ -61,2 +63,2 @@ }); | ||
}); | ||
}); | ||
}); |
@@ -107,2 +107,51 @@ var jwt = require('../index'); | ||
describe('when signing a token with array audience', function() { | ||
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', audience: [ 'urn:foo', 'urn:bar' ] }); | ||
it('should check audience', function(done) { | ||
jwt.verify(token, pub, { audience: 'urn:foo' }, function(err, decoded) { | ||
assert.isNotNull(decoded); | ||
assert.isNull(err); | ||
done(); | ||
}); | ||
}); | ||
it('should check other audience', function(done) { | ||
jwt.verify(token, pub, { audience: 'urn:bar' }, function(err, decoded) { | ||
assert.isNotNull(decoded); | ||
assert.isNull(err); | ||
done(); | ||
}); | ||
}); | ||
it('should check audience in array', function(done) { | ||
jwt.verify(token, pub, { audience: ['urn:foo', 'urn:other'] }, function (err, decoded) { | ||
assert.isNotNull(decoded); | ||
assert.isNull(err); | ||
done(); | ||
}); | ||
}); | ||
it('should throw when invalid audience', function(done) { | ||
jwt.verify(token, pub, { audience: 'urn:wrong' }, function(err, decoded) { | ||
assert.isUndefined(decoded); | ||
assert.isNotNull(err); | ||
assert.equal(err.name, 'JsonWebTokenError'); | ||
assert.instanceOf(err, jwt.JsonWebTokenError); | ||
done(); | ||
}); | ||
}); | ||
it('should throw when invalid audience in array', function(done) { | ||
jwt.verify(token, pub, { audience: ['urn:wrong', 'urn:morewrong'] }, function(err, decoded) { | ||
assert.isUndefined(decoded); | ||
assert.isNotNull(err); | ||
assert.equal(err.name, 'JsonWebTokenError'); | ||
assert.instanceOf(err, jwt.JsonWebTokenError); | ||
done(); | ||
}); | ||
}); | ||
}); | ||
describe('when signing a token without audience', function() { | ||
@@ -109,0 +158,0 @@ var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' }); |