diff --git a/.travis.yml b/.travis.yml
index cc06ae6..6c43842 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,6 @@
 language: node_js
 node_js:
- - "0.11"
+ - "0.12"
 - "0.10"
 - "0.8"
 branches:
diff --git a/index.js b/index.js
index b0ee19a..282a09f 100644
--- a/index.js
+++ b/index.js
@@ -88,8 +88,8 @@ jwt.encode = function encode(key, payload, algorithm, cb) {
 // verify key & payload
 if (!key || !payload) {
- return utils.fnError(new JWTError('The key and payload are mandatory!'),
- cb);
+ return utils
+ .fnError(new JWTError('The key and payload are mandatory!'), cb);
 } else if (!Object.keys(payload).length) {
 return utils.fnError(new JWTError('The payload is empty object!'), cb);
 } else {
diff --git a/package.json b/package.json
index a0bddb9..2cdd8d1 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "json-web-token",
- "version": "1.4.3",
+ "version": "1.5.3",
 "description": "JSON Web Token (JWT) is a compact token format intended for space constrained environments such as HTTP Authorization headers and URI query parameters.",
 "main": "index.js",
 "scripts": {
@@ -34,15 +34,14 @@
 },
 "homepage": "https://github.com/joaquimserafim/json-web-token",
 "dependencies": {
- "base64-url": "^1.2.0"
+ "base64-url": "^1.2.1"
 },
 "devDependencies": {
- "istanbul": "^0.3.5",
- "jscs": "^1.10.0",
- "jshint": "^2.5.6",
- "pre-commit": "0.0.11",
- "tape": "^3.4.0",
- "which": "^1.0.8"
+ "istanbul": "^0.3.13",
+ "jscs": "^1.12.0",
+ "jshint": "^2.6.3",
+ "pre-commit": "^1.0.6",
+ "tape": "^3.5.0"
 },
 "pre-commit": [
 "jshint",
diff --git a/test/test.js b/test/test.js
index 0511fdb..dc4ed5d 100644
--- a/test/test.js
+++ b/test/test.js
@@ -1,20 +1,22 @@
 'use strict';
-var read = require('fs').readFileSync;
-var test = require('tape');
-var jwt = require('../.');
+var read = require('fs').readFileSync;
+var test = require('tape');
+var b64url = require('base64-url');
+var jwt = require('../.');
 var payload = {
- 'iss': 'my_issurer',
- 'aud': 'World',
- 'iat': 1400062400223,
- 'typ': '/online/transactionstatus/v2',
- 'request': {
- 'myTransactionId': '[myTransactionId]',
- 'merchantTransactionId': '[merchantTransactionId]',
- 'status': 'SUCCESS'
+ iss: 'my_issurer',
+ aud: 'World',
+ iat: 1400062400223,
+ typ: '/online/transactionstatus/v2',
+ request: {
+ myTransactionId: '[myTransactionId]',
+ merchantTransactionId: '[merchantTransactionId]',
+ status: 'SUCCESS'
 }
 };
+
 var secret = 'TOPSECRETTTTT';
 var theToken = null;
 var theTokenSign = null;
@@ -181,3 +183,27 @@ test('jwt - encode without callback / null secret', function(assert) {
 assert.equal(res.error.message, 'The key and payload are mandatory!');
 assert.end();
 });
+
+//
+//
+//
+
+test('should not encode for the "none" algorithm', function(assert) {
+ jwt.encode(secret, payload, 'none', function(err) {
+ assert.equal(err.name, 'JWTError');
+ assert.equal(err.message, 'The algorithm is not supported!');
+ assert.end();
+ });
+});
+
+test('should not decode for the "none" algorithm', function(assert) {
+ var encode = jwt.encode(secret, payload).value;
+ var badToken = encode.split('.');
+ var badAlg = b64url.encode(JSON.stringify({typ: 'JWT', alg: 'none'}));
+ badToken[0] = badAlg;
+ var result = jwt.decode(secret, badToken.join('.'));
+ assert.deepEqual(!!result.error, true);
+ assert.equal(result.error.name, 'JWTError');
+ assert.equal(result.error.message, 'The algorithm is not supported!');
+ assert.end();
+});
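Review bot: The new decode test in the second test/test.js hunk only swaps the header for lowercase `alg: 'none'` and leaves the original HS256 signature in `badToken[2]`, so it never exercises an unsigned token, which is the case a "none" rejection exists to stop. I would add a sibling case that sets `badToken[2] = '';` before `badToken.join('.')` and expects the same `JWTError`, plus one for a differently cased value such as `alg: 'None'`; index.js has no functional change in this diff, so whether the algorithm lookup is case-sensitive cannot be confirmed from here. In the encode test the callback reads `err.name` without checking `err`, so a regression that lets encode succeed would surface as a TypeError rather than a readable failure; opening the callback with `assert.ok(err, 'encode must reject alg none');` fixes that. `assert.deepEqual(!!result.error, true)` reads more plainly as `assert.ok(result.error);`.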