Skip to content

Commit

Permalink
Merge branch 'Hender-hs-fix/sign-params-types-and-behavior' into 11.0.0
Browse files Browse the repository at this point in the history
  • Loading branch information
kamilmysliwiec committed Jun 12, 2023
2 parents 3b4138f + 60c3d6e commit 408b1cf
Show file tree
Hide file tree
Showing 2 changed files with 112 additions and 0 deletions.
75 changes: 75 additions & 0 deletions lib/jwt.service.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -303,4 +303,79 @@ describe('JWT Service', () => {
).resolves.toBe(`verified_${testPayload}_by_customPublicKey`);
});
});

describe('should not use invalid sign options', () => {
let jwtService: JwtService;
let testPayloadStr: string = getRandomString();

beforeAll(async () => {
jwtService = await setup({ secretOrKeyProvider: undefined });
});

it('should not "sign" expect errors with a "payload" string and "secret"', () => {
// @ts-expect-no-error
expect(() => jwtService.sign(testPayloadStr, { secret: 'secret' }));
});

it('should not "signAsync" expect errors with a "payload" string and "privateKey"', () => {
// @ts-expect-no-error
expect(() =>
jwtService.signAsync(testPayloadStr, { privateKey: 'privateKey' })
);
});
});

describe('should use invalid sign options', () => {
const signOptions: jwt.SignOptions = {
expiresIn: '1d'
};

let jwtService: JwtService;
let testPayloadStr: string = getRandomString();
let testPayloadObj: object = {};

beforeAll(async () => {
jwtService = await setup({ signOptions, secretOrKeyProvider: undefined });
});

it('should "sign" expect errors with a "payload" string with "expiresIn"', () => {
expect(() =>
// @ts-expect-error
jwtService.sign(testPayloadStr, { expiresIn: 60 })
).toThrowError(
'Payload as string is not allowed with the following sign options: expiresIn'
);
});

it('should "signAsync" expect errors with a "payload" string with "notBefore"', () => {
expect(() =>
// @ts-expect-error
jwtService.signAsync(testPayloadStr, { notBefore: 60 })
).toThrowError(
'Payload as string is not allowed with the following sign options: expiresIn, notBefore'
);
});

it('should not "sign" expect errors with a "payload" object with "notBefore" ', () => {
// @ts-expect-no-error
expect(() => jwtService.sign(testPayloadObj, { notBefore: 60 }));
});

it('should not "signAsync" expect errors with a "payload" object with "notBefore" ', () => {
// @ts-expect-no-error
expect(() => jwtService.signAsync(testPayloadObj, { notBefore: 60 }));
});

it('should "sign" expect errors using "payload" string with already defined invalid sign options', () => {
expect(() => jwtService.sign(testPayloadStr)).toThrowError(
'Payload as string is not allowed with the following sign options: expiresIn'
);
});

it('should "signAsync" expect errors using "payload" string with already defined invalid sign options', () => {
expect(() => jwtService.signAsync(testPayloadStr)).toThrowError(
'Payload as string is not allowed with the following sign options: expiresIn'
);
});
});
});
37 changes: 37 additions & 0 deletions lib/jwt.service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,11 @@ export class JwtService {
private readonly options: JwtModuleOptions = {}
) {}

sign(
payload: string,
options?: Omit<JwtSignOptions, keyof jwt.SignOptions>
): string;
sign(payload: Buffer | object, options?: JwtSignOptions): string;
sign(payload: string | Buffer | object, options?: JwtSignOptions): string {
const signOptions = this.mergeJwtOptions(
{ ...options },
Expand All @@ -30,9 +35,29 @@ export class JwtService {
JwtSecretRequestType.SIGN
);

const allowedSignOptKeys = ['secret', 'privateKey'];
const signOptKeys = Object.keys(signOptions);
if (
typeof payload === 'string' &&
signOptKeys.some((k) => !allowedSignOptKeys.includes(k))
) {
throw new Error(
'Payload as string is not allowed with the following sign options: ' +
signOptKeys.join(', ')
);
}

return jwt.sign(payload, secret, signOptions);
}

signAsync(
payload: string,
options?: Omit<JwtSignOptions, keyof jwt.SignOptions>
): Promise<string>;
signAsync(
payload: Buffer | object,
options?: JwtSignOptions
): Promise<string>;
signAsync(
payload: string | Buffer | object,
options?: JwtSignOptions
Expand All @@ -48,6 +73,18 @@ export class JwtService {
JwtSecretRequestType.SIGN
);

const allowedSignOptKeys = ['secret', 'privateKey'];
const signOptKeys = Object.keys(signOptions);
if (
typeof payload === 'string' &&
signOptKeys.some((k) => !allowedSignOptKeys.includes(k))
) {
throw new Error(
'Payload as string is not allowed with the following sign options: ' +
signOptKeys.join(', ')
);
}

return new Promise((resolve, reject) =>
jwt.sign(payload, secret, signOptions, (err, encoded) =>
err ? reject(err) : resolve(encoded)
Expand Down

0 comments on commit 408b1cf

Please sign in to comment.