fix signing method with sealed objects, do not modify the params obje…

…ct. closes #147

index.js

@@ -1,6 +1,7 @@
 var jws = require('jws');
 var ms = require('ms');
 var timespan = require('./lib/timespan');
+var xtend = require('xtend');
 
 var JWT = module.exports;
 
@@ -39,7 +40,7 @@ JWT.decode = function (jwt, options) {
 
 JWT.sign = function(payload, secretOrPrivateKey, options, callback) {
   options = options || {};
-
+  payload = typeof payload === 'object' ? xtend(payload) : payload;
   var header = {};
 
   if (typeof payload === 'object') {

package.json

@@ -20,7 +20,8 @@
   },
   "dependencies": {
     "jws": "^3.0.0",
-    "ms": "^0.7.1"
+    "ms": "^0.7.1",
+    "xtend": "^4.0.1"
   },
   "devDependencies": {
     "atob": "^1.1.2",

test/bug_147.tests.js

@@ -0,0 +1,12 @@
+var jwt = require('../index');
+var expect = require('chai').expect;
+
+describe('signing with a sealed payload', function() {
+
+  it('should put the expiration claim', function () {
+    var token = jwt.sign(Object.seal({foo: 123}), '123', { expiresIn: 10 });
+    var result = jwt.verify(token, '123');
+    expect(result.exp).to.be.closeTo(Math.floor(Date.now() / 1000) + 10, 0.2);
+  });
+
+});

test/jwt.rs.tests.js

@@ -391,14 +391,14 @@ describe('RS256', function() {
       var obj     = { foo: 'bar' };
       var token   = jwt.sign(obj, priv, { algorithm: 'RS256' });
       var payload = jwt.decode(token);
-      assert.deepEqual(payload, obj);
+      assert.equal(payload.foo, obj.foo);
       done();
     });
     it('should return the header and payload and signature if complete option is set', function(done) {
       var obj     = { foo: 'bar' };
       var token   = jwt.sign(obj, priv, { algorithm: 'RS256' });
       var decoded = jwt.decode(token, { complete: true });
-      assert.deepEqual(decoded.payload, obj);
+      assert.equal(decoded.payload.foo, obj.foo);
       assert.deepEqual(decoded.header, { typ: 'JWT', alg: 'RS256' });
       assert.ok(typeof decoded.signature == 'string');
       done();