jsonwebtoken
Comparing version 6.1.2 to 6.2.0
@@ -138,3 +138,3 @@ var jws = require('jws'); | ||
} | ||
if (payload.nbf > Math.floor(Date.now() / 1000)) { | ||
if (payload.nbf > Math.floor(Date.now() / 1000) + (options.clockTolerance || 0)) { | ||
return done(new NotBeforeError('jwt not active', new Date(payload.nbf * 1000))); | ||
@@ -148,4 +148,5 @@ } | ||
} | ||
if (Math.floor(Date.now() / 1000) >= payload.exp) | ||
if (Math.floor(Date.now() / 1000) >= payload.exp + (options.clockTolerance || 0)) { | ||
return done(new TokenExpiredError('jwt expired', new Date(payload.exp * 1000))); | ||
} | ||
} | ||
@@ -190,3 +191,3 @@ | ||
} | ||
if (Date.now() - (payload.iat * 1000) > maxAge) { | ||
if (Date.now() - (payload.iat * 1000) > maxAge + (options.clockTolerance || 0) * 1000) { | ||
return done(new TokenExpiredError('maxAge exceeded', new Date(payload.iat * 1000 + maxAge))); | ||
@@ -193,0 +194,0 @@ } |
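Review bot: `options.clockTolerance` is read without any type check in the new `nbf`, `exp` and `maxAge` comparisons, so a value that is a string (e.g. `"100"` from a config file) or `NaN` makes `payload.exp + (options.clockTolerance || 0)` a string concatenation or `NaN`, and the `>=`/`>` test then never fires — the token is accepted past its expiry instead of being rejected. The `|| 0` fallback only covers `undefined`/`0`, not wrong types, and a negative tolerance would silently shorten the window, which callers probably do not intend. Validate once before the claim checks, e.g. `if (options.clockTolerance !== undefined && (typeof options.clockTolerance !== 'number' || !isFinite(options.clockTolerance) || options.clockTolerance < 0)) { return done(new JsonWebTokenError('clockTolerance must be a non-negative number')); }` (using whatever error type verify.js already uses for invalid options), and then read the validated number in all three hunks (`@@ -138`, `@@ -148`, `@@ -190`). The enclosing verify function begins and ends outside these hunks.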
{ | ||
"name": "jsonwebtoken", | ||
"version": "6.1.2", | ||
"version": "6.2.0", | ||
"description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -46,3 +46,3 @@ # jsonwebtoken [![Build Status](https://secure.travis-ci.org/auth0/node-jsonwebtoken.png)](http://travis-ci.org/auth0/node-jsonwebtoken) | ||
Generated JWTs will include an `iat` claim by default unless `noTimestamp` is specified. | ||
Generated jwts will include an `iat` (issued at) claim by default unless `noTimestamp` is specified. If `iat` is inserted in the payload, it will be used instead of the real timestamp for calculating other things like `exp` given a timespan in `options.expiresIn`. | ||
@@ -55,2 +55,4 @@ Example | ||
var token = jwt.sign({ foo: 'bar' }, 'shhhhh'); | ||
//backdate a jwt 30 seconds | ||
var older_token = jwt.sign({ foo: 'bar', iat: Math.floor(Date.now() / 1000) - 30 }, 'shhhhh'); | ||
@@ -86,3 +88,5 @@ // sign with RSA SHA256 | ||
* `subject`: if you want to check subject (`sub`), provide a value here | ||
* `clockTolerance`: number of second to tolerate when checking the `nbf` and `exp` claims, to deal with small clock differences among different servers | ||
```js | ||
@@ -89,0 +93,0 @@ // verify a token symmetric - synchronous |
13
sign.js
@@ -19,2 +19,9 @@ var Joi = require('joi'); | ||
var registered_claims_schema = Joi.object().keys({ | ||
iat: Joi.number(), | ||
exp: Joi.number(), | ||
nbf: Joi.number() | ||
}).unknown(); | ||
var options_to_payload = { | ||
@@ -48,2 +55,8 @@ 'audience': 'aud', | ||
} else if (typeof payload === 'object') { | ||
var payload_validation_result = registered_claims_schema.validate(payload); | ||
if (payload_validation_result.error) { | ||
throw payload_validation_result.error; | ||
} | ||
payload = xtend(payload); | ||
@@ -50,0 +63,0 @@ } else if (typeof payload !== 'object') { |
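Review bot: The validated value from `registered_claims_schema.validate(payload)` is discarded — only `.error` is inspected and the original `payload` is then passed to `xtend(payload)` — so any conversion Joi performs is lost. Joi's `number()` by default accepts and converts numeric strings, which (if that default applies in the version used here) means `iat: "123"` passes the schema but the raw string is then used in the later `exp` arithmetic that the README hunk says derives from `iat`. Either build from the validated result, `payload = xtend(payload_validation_result.value);`, or disable conversion in the schema with `Joi.number().strict()` so a string claim is rejected rather than silently coerced. The sign function enclosing the `@@ -48` hunk begins and ends outside the hunk.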
@@ -18,3 +18,3 @@ var jwt = require('../index'); | ||
var signed = jws.sign({ | ||
header: header, | ||
header: header, | ||
payload: payload, | ||
@@ -26,5 +26,5 @@ secret: priv, | ||
jwt.verify(signed, pub, {typ: 'JWT'}, function(err, p) { | ||
assert.isNull(err); | ||
assert.deepEqual(p, payload); | ||
done(); | ||
assert.isNull(err); | ||
assert.deepEqual(p, payload); | ||
done(); | ||
}); | ||
@@ -55,3 +55,3 @@ }); | ||
var key = 'key'; | ||
var clock; | ||
@@ -76,5 +76,5 @@ afterEach(function () { | ||
it('should not error on unexpired token', function (done) { | ||
clock = sinon.useFakeTimers(1437018582000); | ||
var options = {algorithms: ['HS256']} | ||
it('should not error on expired token within clockTolerance interval', function (done) { | ||
clock = sinon.useFakeTimers(1437018584000); | ||
var options = {algorithms: ['HS256'], clockTolerance: 100} | ||
@@ -88,2 +88,13 @@ jwt.verify(token, key, options, function (err, p) { | ||
it('should not error if within maxAge timespan', function (done) { | ||
clock = sinon.useFakeTimers(1437018582500); | ||
var options = {algorithms: ['HS256'], maxAge: '600ms'}; | ||
jwt.verify(token, key, options, function (err, p) { | ||
assert.isNull(err); | ||
assert.equal(p.foo, 'bar'); | ||
done(); | ||
}); | ||
}); | ||
describe('option: maxAge', function () { | ||
@@ -103,6 +114,18 @@ it('should error for claims issued before a certain timespan', function (done) { | ||
}); | ||
it('should not error for claims issued before a certain timespan but still inside clockTolerance timespan', function (done) { | ||
clock = sinon.useFakeTimers(1437018582500); | ||
var options = {algorithms: ['HS256'], maxAge: '321ms', clockTolerance: 100}; | ||
jwt.verify(token, key, options, function (err, p) { | ||
assert.isNull(err); | ||
assert.equal(p.foo, 'bar'); | ||
done(); | ||
}); | ||
}); | ||
it('should not error if within maxAge timespan', function (done) { | ||
clock = sinon.useFakeTimers(1437018582500); | ||
var options = {algorithms: ['HS256'], maxAge: '600ms'}; | ||
jwt.verify(token, key, options, function (err, p) { | ||
@@ -117,3 +140,3 @@ assert.isNull(err); | ||
var options = {algorithms: ['HS256'], maxAge: '800ms'}; | ||
jwt.verify(token, key, options, function (err, p) { | ||
@@ -131,3 +154,3 @@ assert.equal(err.name, 'TokenExpiredError'); | ||
var options = {algorithms: ['HS256'], maxAge: '1200ms'}; | ||
jwt.verify(token, key, options, function (err, p) { | ||
@@ -147,3 +170,3 @@ // maxAge not exceded, but still expired | ||
var options = {algorithms: ['HS256'], maxAge: '1s'}; | ||
jwt.verify(token, key, options, function (err, p) { | ||
@@ -150,0 +173,0 @@ assert.equal(err.name, 'JsonWebTokenError'); |
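Review bot: The new `clockTolerance` tests (`@@ -76` and `@@ -103`) only cover the accepting side — a token still within tolerance passes — so there is no test that a token outside the tolerance window is still rejected, and an implementation that applied the tolerance in the wrong direction or ignored `exp` entirely would pass this suite. Add the negative counterpart next to 'should not error on expired token within clockTolerance interval', keeping the same fake time `1437018584000` but a `clockTolerance` smaller than the skew that test relies on, and assert `assert.equal(err.name, 'TokenExpiredError');`; the exact tolerance value depends on the token's `exp`, which is set outside this hunk. A matching rejection case for `maxAge` + `clockTolerance` would cover the third verify.js hunk the same way.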