Raise jws.decode error to avoid confusion with "invalid token" error (#294)

evolvah · ziluvatar · commit 7f68fe06c88d · 2017-02-09T13:54:58.000+01:00
* Corrected indistinguishable error messages

jws.decode() never throws an error. At least, in its current version. However, if it were to throw an exception, the diagnostics would be indistinguishable from a soft failure to decode a token. I had an extra trailing space on my JWT and it took me some additional debugging work to trace the actual root cause because the error message was not distinct.

* Allowed an exception from inside of jws.decode to be handled by the caller. Currently, jws.decode never throws an exception. The change is made per discsussion in the original PR

* Added a test case and proper forwarding of the possible exception thrown from jws.decode

* Typo correction
diff --git a/test/jwt.hs.tests.js b/test/jwt.hs.tests.js
@@ -77,6 +77,21 @@ describe('HS256', function() {
         done();
       });
     });
+  });
+
+  describe('should fail verification gracefully with trailing space in the jwt', function() {
+    var secret = 'shhhhhh';
+    var token  = jwt.sign({ foo: 'bar' }, secret, { algorithm: 'HS256' });
 
+    it('should return the "invalid token" error', function(done) {
+      var malformedToken = token + ' '; // corrupt the token by adding a space
+      jwt.verify(malformedToken, secret, { algorithm: 'HS256', ignoreExpiration: true }, function(err, decoded) {
+        assert.isNotNull(err);
+        assert.equal('JsonWebTokenError', err.name);
+        assert.equal('invalid token', err.message);
+        done();
+      });
+    });
   });
+
 });
diff --git a/verify.js b/verify.js
@@ -76,7 +76,7 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
   try {
     decodedToken = jws.decode(jwtString);
   } catch(err) {
-    return done(new JsonWebTokenError('invalid token'));
+    return done(err);
   }
 
   if (!decodedToken) {

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {`
`76`	`76`	`try {`
`77`	`77`	`decodedToken = jws.decode(jwtString);`
`78`	`78`	`} catch(err) {`
`79`		`- return done(new JsonWebTokenError('invalid token'));`
	`79`	`+ return done(err);`
`80`	`80`	`}`
`81`	`81`
`82`	`82`	`if (!decodedToken) {`