Skip to content

Commit

Permalink
Merge pull request #386 from ziluvatar/issue_381
Browse files Browse the repository at this point in the history
Fix breaking change on 7.4.2 for empty secret + "none" algorithm (sync code style)
  • Loading branch information
fiddur authored Aug 17, 2017
2 parents e56f904 + 2a3404f commit 2e4e30b
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 2 deletions.
2 changes: 1 addition & 1 deletion sign.js
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
throw err;
}

if (!secretOrPrivateKey) {
if (!secretOrPrivateKey && options.algorithm !== 'none') {
return failure(new Error('secretOrPrivateKey must have a value'));
}

Expand Down
20 changes: 19 additions & 1 deletion test/async_sign.tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,24 @@ describe('signing a token asynchronously', function() {
});
});

it('should work with none algorithm where secret is set', function(done) {
jwt.sign({ foo: 'bar' }, 'secret', { algorithm: 'none' }, function(err, token) {
expect(token).to.be.a('string');
expect(token.split('.')).to.have.length(3);
done();
});
});

//Known bug: https://github.com/brianloveswords/node-jws/issues/62
//If you need this use case, you need to go for the non-callback-ish code style.
it.skip('should work with none algorithm where secret is falsy', function(done) {
jwt.sign({ foo: 'bar' }, undefined, { algorithm: 'none' }, function(err, token) {
expect(token).to.be.a('string');
expect(token.split('.')).to.have.length(3);
done();
});
});

it('should return error when secret is not a cert for RS256', function(done) {
//this throw an error because the secret is not a cert and RS256 requires a cert.
jwt.sign({ foo: 'bar' }, secret, { algorithm: 'RS256' }, function (err) {
Expand Down Expand Up @@ -66,7 +84,7 @@ describe('signing a token asynchronously', function() {

describe('secret must have a value', function(){
[undefined, '', 0].forEach(function(secret){
it('should return an error if the secret is falsy: ' + (typeof secret === 'string' ? '(empty string)' : secret), function(done) {
it('should return an error if the secret is falsy and algorithm is not set to none: ' + (typeof secret === 'string' ? '(empty string)' : secret), function(done) {
// This is needed since jws will not answer for falsy secrets
jwt.sign('string', secret, {}, function(err, token) {
expect(err).to.be.exist();
Expand Down
10 changes: 10 additions & 0 deletions test/jwt.hs.tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,16 @@ describe('HS256', function() {
});
});

it('should work with falsy secret and token not signed', function(done) {
var signed = jwt.sign({ foo: 'bar' }, null, { algorithm: 'none' });
var unsigned = signed.split('.')[0] + '.' + signed.split('.')[1] + '.';
jwt.verify(unsigned, 'secret', function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
done();
});
});

it('should throw when verifying null', function(done) {
jwt.verify(null, 'secret', function(err, decoded) {
assert.isUndefined(decoded);
Expand Down

0 comments on commit 2e4e30b

Please sign in to comment.