
jsonwebtoken - npm Package Compare versions

Comparing version 1.1.2 to 1.2.0

6

index.js

@@ -74,3 +74,7 @@ var jws = require('jws');

var audiences = Array.isArray(options.audience)? options.audience : [options.audience];
if (audiences.indexOf(payload.aud) < 0)
var target = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
var match = target.some(function(aud) { return audiences.indexOf(aud) != -1; });
if (!match)
return callback(new JsonWebTokenError('jwt audience invalid. expected: ' + payload.aud));

@@ -77,0 +81,0 @@ }
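Review bot: The new `some()` match fails open when the configured audience list contains an `undefined` entry: a token with no `aud` claim becomes `target = [undefined]`, `audiences.indexOf(undefined)` finds that entry, and `match` is true. This can happen when a caller builds `options.audience` as an array from an unset configuration value; the guard around this check is outside the hunk, so confirm it covers that case, or compare only string claims with `var match = target.some(function(aud) { return typeof aud === 'string' && audiences.indexOf(aud) !== -1; });`. Separately, the error text says `expected:` but prints `payload.aud`, the value the token presented; `'jwt audience invalid. expected: ' + audiences.join(' or ')` would report the configured audiences instead.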

2

package.json
{
"name": "jsonwebtoken",
"version": "1.1.2",
"version": "1.2.0",
"description": "JSON Web Token implementation (symmetric and asymmetric)",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -178,3 +178,5 @@ # jsonwebtoken [![Build Status](https://secure.travis-ci.org/auth0/node-jsonwebtoken.png)](http://travis-ci.org/auth0/node-jsonwebtoken)

## Issue Reporting
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.

@@ -181,0 +183,0 @@ # TODO

@@ -52,5 +52,7 @@ var jwt = require('../index');

it.only('should throw when the payload is not json', function(done) {
it('should throw when the payload is not json', function(done) {
var token = jwt.sign('bar', 'secret', { algorithm: 'HS256' });
jwt.verify(token, 'secret', function() {
jwt.verify(token, 'secret', function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
done();

@@ -61,2 +63,2 @@ });

});
});
});

@@ -107,2 +107,51 @@ var jwt = require('../index');

describe('when signing a token with array audience', function() {
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', audience: [ 'urn:foo', 'urn:bar' ] });
it('should check audience', function(done) {
jwt.verify(token, pub, { audience: 'urn:foo' }, function(err, decoded) {
assert.isNotNull(decoded);
assert.isNull(err);
done();
});
});
it('should check other audience', function(done) {
jwt.verify(token, pub, { audience: 'urn:bar' }, function(err, decoded) {
assert.isNotNull(decoded);
assert.isNull(err);
done();
});
});
it('should check audience in array', function(done) {
jwt.verify(token, pub, { audience: ['urn:foo', 'urn:other'] }, function (err, decoded) {
assert.isNotNull(decoded);
assert.isNull(err);
done();
});
});
it('should throw when invalid audience', function(done) {
jwt.verify(token, pub, { audience: 'urn:wrong' }, function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
assert.equal(err.name, 'JsonWebTokenError');
assert.instanceOf(err, jwt.JsonWebTokenError);
done();
});
});
it('should throw when invalid audience in array', function(done) {
jwt.verify(token, pub, { audience: ['urn:wrong', 'urn:morewrong'] }, function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
assert.equal(err.name, 'JsonWebTokenError');
assert.instanceOf(err, jwt.JsonWebTokenError);
done();
});
});
});
describe('when signing a token without audience', function() {

@@ -109,0 +158,0 @@ var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' });
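Review bot: The three accepting tests in the array-audience block rely on `assert.isNotNull(decoded)`, which (assuming the chai-style assert these calls suggest) also passes when `decoded` is `undefined`, so they would not catch a verify that calls back without a payload. Assert on the payload itself, for example `assert.isDefined(decoded); assert.equal(decoded.foo, 'bar');`, so a pass proves the token was actually accepted and decoded. The same weakness applies to `assert.isNotNull(err)` in the 'payload is not json' test in the earlier hunk, where nothing else inspects `err`; `assert.instanceOf(err, jwt.JsonWebTokenError)` as used in the rejecting tests would be stricter, if that is the error type verify returns there. The enclosing describe blocks start and end outside the hunks.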
