fix: return token as input property in verify when complete is true #522

Merged
merged 1 commit into from
Dec 11, 2024
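--- a/src/verifier.js
+++ b/src/verifier.js
@@ -188,7 +188,10 @@ function verifyToken(
 validateAlgorithmAndSignature(input, header, signature, key, allowedAlgorithms)
 
 // Verify typ
-if (checkTyp && (typeof header.typ !== 'string' || checkTyp !== header.typ.toLowerCase().replace(/^application\//, ''))) {
+if (
+checkTyp &&
+(typeof header.typ !== 'string' || checkTyp !== header.typ.toLowerCase().replace(/^application\//, ''))
+) {
 throw new TokenError(TokenError.codes.invalidType, 'Invalid typ.')
 }
 
@@ -306,7 +309,7 @@ function verify(
 try {
 verifyToken(key, decoded, validationContext)
 
-return cacheSet(cacheContext, complete ? { header, payload, signature } : payload)
+return cacheSet(cacheContext, complete ? { header, payload, signature, input: token } : payload)
 } catch (e) {
 throw cacheSet(cacheContext, e)
 }
@@ -351,7 +354,7 @@ function verify(
 return callback(cacheSet(cacheContext, e))
 }
 
-callback(null, cacheSet(cacheContext, complete ? { header, payload, signature } : payload))
+callback(null, cacheSet(cacheContext, complete ? { header, payload, signature, input: token } : payload))
 })
 
 return promise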
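Review bot: With `complete` set, both result paths of `verify` (the `return cacheSet(...)` in the try block and the `callback(null, cacheSet(...))` in the async branch) now put the raw token into the object passed to `cacheSet`, so a replayable credential is held in the verifier cache and returned to callers, where before only the decoded parts and the signature were. Callers that log or serialize the complete result would now write the bearer token out. I would add a comment at both sites, `// input is the raw token as received; do not log or persist the complete result`, and say the same in the docs for the `complete` option. Separately, `input` in `verifyToken` (first hunk, passed to `validateAlgorithmAndSignature`) presumably names only the signed portion, so confirm the field name is meant to carry the whole token here. Both functions start and end outside the hunks shown.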
51 changes: 41 additions & 10 deletions test/verifier.spec.js
@@ -41,6 +41,7 @@ function verify(token, options, callback) {
}

test('it gets the correct decoded jwt token as argument on the key callback', async t => {
t.plan(1)
verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM', {
key: async decoded => {
t.assert.deepStrictEqual(decoded, {
@@ -115,7 +116,8 @@ test('it correctly verifies a token - sync', t => {
{
header: { typ: 'JWT', alg: 'HS256' },
payload: { a: 1 },
signature: '57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
signature: '57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM',
input: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
}
)

@@ -147,7 +149,8 @@ test('it correctly verifies a token - async - key with callback', async t => {
{
header: { typ: 'JWT', alg: 'HS256' },
payload: { a: 1 },
signature: '57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
signature: '57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM',
input: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
}
)
})
@@ -1008,7 +1011,7 @@ test('caching - sync - custom cacheKeyBuilder', t => {
const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM'
const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.aaa'

const verifier = createVerifier({ key: 'secret', cache: true, cacheKeyBuilder: (id) => id })
const verifier = createVerifier({ key: 'secret', cache: true, cacheKeyBuilder: id => id })

t.assert.equal(verifier.cache.size, 0)
t.assert.deepStrictEqual(verifier(token), { a: 1 })
@@ -1258,7 +1261,11 @@ test('caching - should be able to consider both nbf and exp field at the same ti
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier(token), { a: 1, iat: 100, nbf: 300, exp: 500 })
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [{ a: 1, iat: 100, nbf: 300, exp: 500 }, 300000, 500000])
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [
{ a: 1, iat: 100, nbf: 300, exp: 500 },
300000,
500000
])

// Now advance again after the expiry time
clock.tick(210000)
@@ -1295,7 +1302,11 @@ test('caching - should be able to consider clockTolerance on both nbf and exp fi
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier(token), { a: 1, iat: 100, nbf: 300, exp: 500 })
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [{ a: 1, iat: 100, nbf: 300, exp: 500 }, 240000, 560000])
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [
{ a: 1, iat: 100, nbf: 300, exp: 500 },
240000,
560000
])

// Now advance to activation time
clock.tick(150000)
@@ -1305,15 +1316,23 @@ test('caching - should be able to consider clockTolerance on both nbf and exp fi
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier(token), { a: 1, iat: 100, nbf: 300, exp: 500 })
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [{ a: 1, iat: 100, nbf: 300, exp: 500 }, 240000, 560000])
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [
{ a: 1, iat: 100, nbf: 300, exp: 500 },
240000,
560000
])

// Now advance again after the expiry time, in clockTolerance range (current time going to be 540000 )
clock.tick(150000)
t.assert.deepStrictEqual(verifier(token), { a: 1, iat: 100, nbf: 300, exp: 500 })
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier(token), { a: 1, iat: 100, nbf: 300, exp: 500 })
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [{ a: 1, iat: 100, nbf: 300, exp: 500 }, 240000, 560000])
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [
{ a: 1, iat: 100, nbf: 300, exp: 500 },
240000,
560000
])

clock.tick(100000)
// The token should now be expired and the cache should have been updated to reflect it
@@ -1347,7 +1366,11 @@ test('caching - should ignore the nbf and exp when asked to', t => {
t.assert.equal(verifierNoNbf.cache.size, 1)
t.assert.deepStrictEqual(verifierNoNbf(token), { a: 1, iat: 100, nbf: 300, exp: 500 })
t.assert.equal(verifierNoNbf.cache.size, 1)
t.assert.deepStrictEqual(verifierNoNbf.cache.get(hashToken(token)), [{ a: 1, iat: 100, nbf: 300, exp: 500 }, 0, 500000])
t.assert.deepStrictEqual(verifierNoNbf.cache.get(hashToken(token)), [
{ a: 1, iat: 100, nbf: 300, exp: 500 },
0,
500000
])

// Now advance to activation time
clock.tick(200000)
@@ -1357,7 +1380,11 @@ test('caching - should ignore the nbf and exp when asked to', t => {
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier(token), { a: 1, iat: 100, nbf: 300, exp: 500 })
t.assert.equal(verifier.cache.size, 1)
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [{ a: 1, iat: 100, nbf: 300, exp: 500 }, 300000, 500000])
t.assert.deepStrictEqual(verifier.cache.get(hashToken(token)), [
{ a: 1, iat: 100, nbf: 300, exp: 500 },
300000,
500000
])

// Now advance again after the expiry time
clock.tick(210000)
@@ -1374,7 +1401,11 @@ test('caching - should ignore the nbf and exp when asked to', t => {
t.assert.equal(verifierNoExp.cache.size, 1)
t.assert.deepStrictEqual(verifierNoExp(token), { a: 1, iat: 100, nbf: 300, exp: 500 })
t.assert.equal(verifierNoExp.cache.size, 1)
t.assert.deepStrictEqual(verifierNoExp.cache.get(hashToken(token)), [{ a: 1, iat: 100, nbf: 300, exp: 500 }, 300000, 1110000])
t.assert.deepStrictEqual(verifierNoExp.cache.get(hashToken(token)), [
{ a: 1, iat: 100, nbf: 300, exp: 500 },
300000,
1110000
])

clock.uninstall()
})
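Review bot: The new `input` expectation is asserted only on a first verification (the sync case and the async key-with-callback case); nothing in this file checks a verifier created with both `complete: true` and `cache: true`, where the second call is served from the cache. A test that calls such a verifier twice with the same token and asserts `input` equals that token on both calls, plus an assertion on what `verifier.cache.get(hashToken(token))` now holds, would pin that the cached entry carries the field and make the stored raw token visible to reviewers. If the verifier also accepts non-string tokens (not visible on this page), one assertion on the value of `input` in that case is worth adding. The caching hunks further down only re-wrap long assertions and need no change.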