Merge branch 'ignoreExpiration' of https://github.com/ben-bradley/nod…

…e-jsonwebtoken into ben-bradley-ignoreExpiration Conflicts: README.md index.js test/jwt.hs.tests.js
auth0 · Mar 6, 2015 · 8d4da27 · 8d4da27
2 parents 6448ce3 + 002cce1
commit 8d4da27
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -41,6 +41,8 @@ Additional headers can be provided via the `headers` object.
 
 Generated jwts will include an `iat` claim by default unless `noTimestamp` is specified.
 
+Setting `ignoreExpiration` to `true` will prevent expired tokens from generating an error.
+
 Example
 
 ```js
@@ -55,6 +57,13 @@ var token = jwt.sign({ foo: 'bar' }, cert, { algorithm: 'RS256'});
 
 ### jwt.verify(token, secretOrPublicKey, [options, callback])
 
+`options`:
+
+*  `ignoreExpiration`
+*  `audience`
+*  `issuer`
+
+
 (Asynchronous) If a callback is supplied, function acts asynchronously. Callback passed the payload decoded if the signature (and optionally expiration, audience, issuer) are valid. If not, it will be passed the error.
 
 (Synchronous) If a callback is not supplied, function acts synchronously. Returns the payload decoded if the signature (and optionally expiration, audience, issuer) are valid. If not, it will throw the error.

diff --git a/index.js b/index.js
@@ -111,7 +111,7 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
     return done(err);
   }
 
-  if (typeof payload.exp !== 'undefined') {
+  if (typeof payload.exp !== 'undefined' && !options.ignoreExpiration) {
     if (typeof payload.exp !== 'number') {
       return done(new JsonWebTokenError('invalid exp value'));
     }

diff --git a/test/jwt.hs.tests.js b/test/jwt.hs.tests.js
@@ -17,7 +17,7 @@ describe('HS256', function() {
 
     it('should without options', function(done) {
       var callback = function(err, decoded) {
-      assert.ok(decoded.foo);
+        assert.ok(decoded.foo);
         assert.equal('bar', decoded.foo);
         done();
       };
@@ -59,5 +59,33 @@ describe('HS256', function() {
       });
     });
 
+    it('should throw when the payload is not json', function(done) {
+      var token = jwt.sign('bar', 'secret', { algorithm: 'HS256' });
+      jwt.verify(token, 'secret', function(err, decoded) {
+        assert.isUndefined(decoded);
+        assert.isNotNull(err);
+        done();
+      });
+    });
+
+    it('should return an error when the token is expired', function(done) {
+      var token = jwt.sign({ exp: 1 }, secret, { algorithm: 'HS256' });
+      jwt.verify(token, secret, { algorithm: 'HS256' }, function(err, decoded) {
+        assert.isUndefined(decoded);
+        assert.isNotNull(err);
+        done();
+      });
+    });
+
+    it('should NOT return an error when the token is expired with "ignoreExpiration"', function(done) {
+      var token = jwt.sign({ exp: 1, foo: 'bar' }, secret, { algorithm: 'HS256' });
+      jwt.verify(token, secret, { algorithm: 'HS256', ignoreExpiration: true }, function(err, decoded) {
+        assert.ok(decoded.foo);
+        assert.equal('bar', decoded.foo);
+        assert.isNull(err);
+        done();
+      });
+    });
+
   });
 });
diff --git a/test/jwt.rs.tests.js b/test/jwt.rs.tests.js
@@ -75,6 +75,17 @@ describe('RS256', function() {
         done();
       });
     });
+
+    it('should NOT be invalid', function(done) {
+      // expired token
+      token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: -10 });
+
+      jwt.verify(token, pub, { ignoreExpiration: true }, function(err, decoded) {
+        assert.ok(decoded.foo);
+        assert.equal('bar', decoded.foo);
+        done();
+      });
+    });
   });
 
   describe('when signing a token with audience', function() {