Skip to content

Commit 0fdf78d

Browse files
JackuBJackuB
committed
Prevent throw on undefined/null secret
1 parent e46ca66 commit 0fdf78d

File tree

2 files changed

+24
-0
lines changed

2 files changed

+24
-0
lines changed

index.js

+3
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,9 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
107107
return done(new JsonWebTokenError('jwt signature is required'));
108108
}
109109

110+
if (typeof secretOrPublicKey === "undefined" || secretOrPublicKey === null) // secretOrPublicKey can be empty string
111+
return done(new JsonWebTokenError('secret or publick key must be provided'));
112+
110113
if (!options.algorithms) {
111114
options.algorithms = ~secretOrPublicKey.toString().indexOf('BEGIN CERTIFICATE') ||
112115
~secretOrPublicKey.toString().indexOf('BEGIN PUBLIC KEY') ?

test/undefined_secretOrPublickey.tests.js

+21
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
var fs = require('fs');
2+
var path = require('path');
3+
var jwt = require('../index');
4+
var JsonWebTokenError = require('../lib/JsonWebTokenError');
5+
var expect = require('chai').expect;
6+
7+
var TOKEN = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.t-IDcSemACt8x4iTMCda8Yhe3iZaWbvV5XKSTbuAn0M';
8+
9+
describe('verifying without specified secret or public key', function () {
10+
it('should not verify null', function () {
11+
expect(function () {
12+
jwt.verify(TOKEN, null);
13+
}).to.throw(JsonWebTokenError, /secret or publick key must be provided/);
14+
});
15+
16+
it('should not verify undefined', function () {
17+
expect(function () {
18+
jwt.verify(TOKEN);
19+
}).to.throw(JsonWebTokenError, /secret or publick key must be provided/);
20+
});
21+
});

0 commit comments

Comments
 (0)