jwt.hs.tests.js
3.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
var jwt = require('../index');
var expect = require('chai').expect;
var assert = require('chai').assert;
describe('HS256', function() {
describe('when signing a token', function() {
var secret = 'shhhhhh';
var token = jwt.sign({ foo: 'bar' }, secret, { algorithm: 'HS256' });
it('should be syntactically valid', function() {
expect(token).to.be.a('string');
expect(token.split('.')).to.have.length(3);
});
it('should be able to validate without options', function(done) {
var callback = function(err, decoded) {
assert.ok(decoded.foo);
assert.equal('bar', decoded.foo);
done();
};
callback.issuer = "shouldn't affect";
jwt.verify(token, secret, callback );
});
it('should validate with secret', function(done) {
jwt.verify(token, secret, function(err, decoded) {
assert.ok(decoded.foo);
assert.equal('bar', decoded.foo);
done();
});
});
it('should throw with invalid secret', function(done) {
jwt.verify(token, 'invalid secret', function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
done();
});
});
it('should throw with secret and token not signed', function(done) {
var signed = jwt.sign({ foo: 'bar' }, secret, { algorithm: 'none' });
var unsigned = signed.split('.')[0] + '.' + signed.split('.')[1] + '.';
jwt.verify(unsigned, 'secret', function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
done();
});
});
it('should work with falsy secret and token not signed', function(done) {
var signed = jwt.sign({ foo: 'bar' }, null, { algorithm: 'none' });
var unsigned = signed.split('.')[0] + '.' + signed.split('.')[1] + '.';
jwt.verify(unsigned, 'secret', function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
done();
});
});
it('should throw when verifying null', function(done) {
jwt.verify(null, 'secret', function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
done();
});
});
it('should return an error when the token is expired', function(done) {
var token = jwt.sign({ exp: 1 }, secret, { algorithm: 'HS256' });
jwt.verify(token, secret, { algorithm: 'HS256' }, function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
done();
});
});
it('should NOT return an error when the token is expired with "ignoreExpiration"', function(done) {
var token = jwt.sign({ exp: 1, foo: 'bar' }, secret, { algorithm: 'HS256' });
jwt.verify(token, secret, { algorithm: 'HS256', ignoreExpiration: true }, function(err, decoded) {
assert.ok(decoded.foo);
assert.equal('bar', decoded.foo);
assert.isNull(err);
done();
});
});
it('should default to HS256 algorithm when no options are passed', function() {
var token = jwt.sign({ foo: 'bar' }, secret);
var verifiedToken = jwt.verify(token, secret);
assert.ok(verifiedToken.foo);
assert.equal('bar', verifiedToken.foo);
});
});
describe('should fail verification gracefully with trailing space in the jwt', function() {
var secret = 'shhhhhh';
var token = jwt.sign({ foo: 'bar' }, secret, { algorithm: 'HS256' });
it('should return the "invalid token" error', function(done) {
var malformedToken = token + ' '; // corrupt the token by adding a space
jwt.verify(malformedToken, secret, { algorithm: 'HS256', ignoreExpiration: true }, function(err, decoded) {
assert.isNotNull(err);
assert.equal('JsonWebTokenError', err.name);
assert.equal('invalid token', err.message);
done();
});
});
});
});