Raise jws.decode error to avoid confusion with "invalid token" error (#…

…294)

* Corrected indistinguishable error messages

jws.decode() never throws an error. At least, in its current version. However, if it were to throw an exception, the diagnostics would be indistinguishable from a soft failure to decode a token. I had an extra trailing space on my JWT and it took me some additional debugging work to trace the actual root cause because the error message was not distinct.

* Allowed an exception from inside of jws.decode to be handled by the caller. Currently, jws.decode never throws an exception. The change is made per discsussion in the original PR

* Added a test case and proper forwarding of the possible exception thrown from jws.decode

* Typo correction

test/jwt.hs.tests.js

@@ -77,6 +77,21 @@ describe('HS256', function() {
         done();
       });
     });
+  });
+
+  describe('should fail verification gracefully with trailing space in the jwt', function() {
+    var secret = 'shhhhhh';
+    var token  = jwt.sign({ foo: 'bar' }, secret, { algorithm: 'HS256' });
 
+    it('should return the "invalid token" error', function(done) {
+      var malformedToken = token + ' '; // corrupt the token by adding a space
+      jwt.verify(malformedToken, secret, { algorithm: 'HS256', ignoreExpiration: true }, function(err, decoded) {
+        assert.isNotNull(err);
+        assert.equal('JsonWebTokenError', err.name);
+        assert.equal('invalid token', err.message);
+        done();
+      });
+    });
   });
+
 });

verify.js

@@ -76,7 +76,7 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
   try {
     decodedToken = jws.decode(jwtString);
   } catch(err) {
-    return done(new JsonWebTokenError('invalid token'));
+    return done(err);
   }
 
   if (!decodedToken) {