auth0 · adamjmcgrath · Jul 14, 2020 · Jul 14, 2020 · Jul 14, 2020 · adamjmcgrath
diff --git a/middleware/requiresAuth.js b/middleware/requiresAuth.js
@@ -54,13 +54,9 @@ function checkJSONprimitive(value) {
   }
 }
 
-// TODO: find a better name
-module.exports.withClaimEqualCheck = function withClaimEqualCheck(
-  claim,
-  expected
-) {
+module.exports.claimEquals = function claimEquals(claim, expected) {
   // check that claim is a string value
-  if (typeof claims !== 'string') {
+  if (typeof claim !== 'string') {
     throw new TypeError('"claim" must be a string');
   }
   // check that expected is a JSON supported primitive
@@ -84,13 +80,9 @@ module.exports.withClaimEqualCheck = function withClaimEqualCheck(
   return requiresLoginMiddleware.bind(undefined, authenticationCheck);
 };
 
-// TODO: find a better name
-module.exports.withClaimIncluding = function withClaimIncluding(
-  claim,
-  ...expected
-) {
+module.exports.claimIncludes = function claimIncludes(claim, ...expected) {
   // check that claim is a string value
-  if (typeof claims !== 'string') {
+  if (typeof claim !== 'string') {
     throw new TypeError('"claim" must be a string');
   }
   // check that all expected are JSON supported primitives
@@ -109,7 +101,9 @@ module.exports.withClaimIncluding = function withClaimIncluding(
     if (typeof actual === 'string') {
       actual = actual.split(' ');
     } else if (!Array.isArray(actual)) {
-      // TODO: log unexpected type;
+      debug.trace(
+        `Unexpected claim type. Expected array or string, got ${typeof actual}`
+      );
       return true;
     }
 
@@ -120,11 +114,10 @@ module.exports.withClaimIncluding = function withClaimIncluding(
   return requiresLoginMiddleware.bind(undefined, authenticationCheck);
 };
 
-// TODO: find a better name
-module.exports.custom = function custom(func) {
+module.exports.claimCheck = function claimCheck(func) {
   // check that func is a function
   if (typeof func !== 'function' || func.constructor.name !== 'Function') {
-    throw new TypeError('"function" must be a function');
+    throw new TypeError('"claimCheck" expects a function');
   }
   const authenticationCheck = (req) => {
     if (defaultRequiresLogin(req)) {
@@ -133,7 +126,7 @@ module.exports.custom = function custom(func) {
 
     const { idTokenClaims } = req.oidc;
 
-    return func(req, idTokenClaims);
+    return !func(req, idTokenClaims);
   };
   return requiresLoginMiddleware.bind(undefined, authenticationCheck);
 };
diff --git a/test/callback.tests.js b/test/callback.tests.js
@@ -10,7 +10,7 @@ const TransientCookieHandler = require('../lib/transientHandler');
 const { encodeState } = require('../lib/hooks/getLoginState');
 const expressOpenid = require('..');
 const { create: createServer } = require('./fixture/server');
-const cert = require('./fixture/cert');
+const { makeIdToken } = require('./fixture/cert');
 const clientID = '__test_client_id__';
 const expectedDefaultState = encodeState({ returnTo: 'https://example.org' });
 const nock = require('nock');
@@ -100,26 +100,6 @@ const setup = async (params) => {
   };
 };
 
-function makeIdToken(payload) {
-  payload = Object.assign(
-    {
-      nickname: '__test_nickname__',
-      sub: '__test_sub__',
-      iss: 'https://op.example.com/',
-      aud: clientID,
-      iat: Math.round(Date.now() / 1000),
-      exp: Math.round(Date.now() / 1000) + 60000,
-      nonce: '__test_nonce__',
-    },
-    payload
-  );
-
-  return jose.JWT.sign(payload, cert.key, {
-    algorithm: 'RS256',
-    header: { kid: cert.kid },
-  });
-}
-
 // For the purpose of this test the fake SERVER returns the error message in the body directly
 // production application should have an error middleware.
 // http://expressjs.com/en/guide/error-handling.html

diff --git a/test/fixture/cert.js b/test/fixture/cert.js
@@ -1,6 +1,6 @@
-const jose = require('jose');
+const { JWK, JWKS, JWT } = require('jose');
 
-const key = jose.JWK.asKey({
+const key = JWK.asKey({
   e: 'AQAB',
   n:
     'wQrThQ9HKf8ksCQEzqOu0ofF8DtLJgexeFSQBNnMQetACzt4TbHPpjhTWUIlD8bFCkyx88d2_QV3TewMtfS649Pn5hV6adeYW2TxweAA8HVJxskcqTSa_ktojQ-cD43HIStsbqJhHoFv0UY6z5pwJrVPT-yt38ciKo9Oc9IhEl6TSw-zAnuNW0zPOhKjuiIqpAk1lT3e6cYv83ahx82vpx3ZnV83dT9uRbIbcgIpK4W64YnYb5uDH7hGI8-4GnalZDfdApTu-9Y8lg_1v5ul-eQDsLCkUCPkqBaNiCG3gfZUAKp9rrFRE_cJTv_MJn-y_XSTMWILvTY7vdSMRMo4kQ',
@@ -21,7 +21,27 @@ const key = jose.JWK.asKey({
   alg: 'RS256',
 });
 
-module.exports.jwks = new jose.JWKS.KeyStore(key).toJWKS(false);
+module.exports.jwks = new JWKS.KeyStore(key).toJWKS(false);
 
 module.exports.key = key.toPEM(true);
 module.exports.kid = key.kid;
+
+module.exports.makeIdToken = (payload) => {
+  payload = Object.assign(
+    {
+      nickname: '__test_nickname__',
+      sub: '__test_sub__',
+      iss: 'https://op.example.com/',
+      aud: '__test_client_id__',
+      iat: Math.round(Date.now() / 1000),
+      exp: Math.round(Date.now() / 1000) + 60000,
+      nonce: '__test_nonce__',
+    },
+    payload
+  );
+
+  return JWT.sign(payload, key.toPEM(true), {
+    algorithm: 'RS256',
+    header: { kid: key.kid },
+  });
+};
diff --git a/test/invalid_response_type.tests.js b/test/invalid_response_type.tests.js