jsonwebtoken
Comparing version 7.4.2 to 7.4.3
@@ -7,2 +7,6 @@ # Change Log | ||
## 7.4.3 - 2017-08-17 | ||
- Fix breaking change on 7.4.2 for empty secret + "none" algorithm (sync code style) ([PR 386](https://github.com/auth0/node-jsonwebtoken/pull/386)) | ||
## 7.4.2 - 2017-08-04 | ||
@@ -9,0 +13,0 @@ |
{ | ||
"name": "jsonwebtoken", | ||
"version": "7.4.2", | ||
"version": "7.4.3", | ||
"description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -69,3 +69,3 @@ var Joi = require('joi'); | ||
if (!secretOrPrivateKey) { | ||
if (!secretOrPrivateKey && options.algorithm !== 'none') { | ||
return failure(new Error('secretOrPrivateKey must have a value')); | ||
@@ -72,0 +72,0 @@ } |
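Review bot: The relaxed guard `!secretOrPrivateKey && options.algorithm !== 'none'` has no comment explaining why 'none' is exempt, and it appears to apply to callback-style calls as well as synchronous ones. The skipped test in this same change describes the callback style as still broken for a falsy secret (node-jws issue 62). If that holds, a callback caller that previously received 'secretOrPrivateKey must have a value' may now get no answer at all, so consider keeping the error on the callback path until the upstream issue is resolved. At minimum add a comment above the check, for example `// 'none' yields an unsigned token, so no key is needed; callback style with a falsy secret is unsupported (node-jws issue 62)`. The enclosing function starts and ends outside this hunk.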
@@ -35,2 +35,20 @@ var jwt = require('../index'); | ||
it('should work with none algorithm where secret is set', function(done) { | ||
jwt.sign({ foo: 'bar' }, 'secret', { algorithm: 'none' }, function(err, token) { | ||
expect(token).to.be.a('string'); | ||
expect(token.split('.')).to.have.length(3); | ||
done(); | ||
}); | ||
}); | ||
//Known bug: https://github.com/brianloveswords/node-jws/issues/62 | ||
//If you need this use case, you need to go for the non-callback-ish code style. | ||
it.skip('should work with none algorithm where secret is falsy', function(done) { | ||
jwt.sign({ foo: 'bar' }, undefined, { algorithm: 'none' }, function(err, token) { | ||
expect(token).to.be.a('string'); | ||
expect(token.split('.')).to.have.length(3); | ||
done(); | ||
}); | ||
}); | ||
it('should return error when secret is not a cert for RS256', function(done) { | ||
@@ -70,3 +88,3 @@ //this throw an error because the secret is not a cert and RS256 requires a cert. | ||
[undefined, '', 0].forEach(function(secret){ | ||
it('should return an error if the secret is falsy: ' + (typeof secret === 'string' ? '(empty string)' : secret), function(done) { | ||
it('should return an error if the secret is falsy and algorithm is not set to none: ' + (typeof secret === 'string' ? '(empty string)' : secret), function(done) { | ||
// This is needed since jws will not answer for falsy secrets | ||
@@ -73,0 +91,0 @@ jwt.sign('string', secret, {}, function(err, token) { |
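Review bot: The new test 'should work with none algorithm where secret is set' never inspects `err` and only counts three dot-separated parts, which a signed token satisfies just as well. Adding `expect(err).to.not.exist;` and `expect(token.split('.')[2]).to.equal('');` would pin that the call succeeded and that the signature segment is empty (as expected for 'none') even though a secret was passed. A one-line comment that such tokens carry no integrity protection would make the intent clear to readers of the suite.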
@@ -54,2 +54,12 @@ var jwt = require('../index'); | ||
it('should work with falsy secret and token not signed', function(done) { | ||
var signed = jwt.sign({ foo: 'bar' }, null, { algorithm: 'none' }); | ||
var unsigned = signed.split('.')[0] + '.' + signed.split('.')[1] + '.'; | ||
jwt.verify(unsigned, 'secret', function(err, decoded) { | ||
assert.isUndefined(decoded); | ||
assert.isNotNull(err); | ||
done(); | ||
}); | ||
}); | ||
it('should throw when verifying null', function(done) { | ||
@@ -56,0 +66,0 @@ jwt.verify(null, 'secret', function(err, decoded) { |
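Review bot: `assert.isNotNull(err)` in 'should work with falsy secret and token not signed' also passes when `err` is undefined, so it does not prove that verify reported an error. This is the test that guards rejection of an unsigned token when a secret is supplied, so tighten it with `assert.instanceOf(err, Error);` and, if the suite already asserts on error names elsewhere, on the specific one. The title says 'should work' although the expectation is a rejection; 'should reject an unsigned token when a secret is given' would describe it more accurately.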
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package