
Commit be9c09a

committed
fix signing method with sealed objects, do not modify the params object. closes #147
1 parent 42145bc commit be9c09a


4 files changed

+18
-4
lines changed


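--- a/index.js
+++ b/index.js
@@ -1,6 +1,7 @@
 var jws = require('jws');
 var ms = require('ms');
 var timespan = require('./lib/timespan');
+var xtend = require('xtend');
 
 var JWT = module.exports;
 
@@ -39,7 +40,7 @@ JWT.decode = function (jwt, options) {
 
 JWT.sign = function(payload, secretOrPrivateKey, options, callback) {
 options = options || {};
-
+payload = typeof payload === 'object' ? xtend(payload) : payload;
 var header = {};
 
 if (typeof payload === 'object') {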
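Review bot: The guard on the added `payload = typeof payload === 'object' ? xtend(payload) : payload;` line is also true for `null`, arrays and Buffers, so those values are now converted to a plain object before signing; `xtend` walks its source with `for…in`, so a `null` payload most likely becomes `{}` and is signed as an empty claim set instead of being rejected. Narrowing the guard keeps the copy to plain claim objects: `var isPlainObject = payload !== null && typeof payload === 'object' && !Array.isArray(payload) && !Buffer.isBuffer(payload);` followed by `payload = isPlainObject ? xtend(payload) : payload;`. The copy is shallow, so nested claim values stay shared with the caller, which deserves a one-line comment such as `// shallow copy: claims are added to the copy, nested values stay shared with the caller`. The body of JWT.sign continues past the hunk, so how the later `typeof payload === 'object'` branch treats these values is not visible here.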

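--- a/package.json
+++ b/package.json
@@ -20,7 +20,8 @@
 },
 "dependencies": {
 "jws": "^3.0.0",
-"ms": "^0.7.1"
+"ms": "^0.7.1",
+"xtend": "^4.0.1"
 },
 "devDependencies": {
 "atob": "^1.1.2",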
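Review bot: The added `"xtend": "^4.0.1"` entry brings a new runtime dependency into a token-signing library for what index.js uses as a single shallow copy, and the caret range accepts any later 4.x release at install time. Every runtime package is part of what consumers have to trust when they sign tokens, so consider a small local copy helper instead, or at least an exact version (`"xtend": "4.0.1"`) backed by a lockfile or shrinkwrap.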

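--- a/test/bug_147.tests.js
+++ b/test/bug_147.tests.js
@@ -0,0 +1,12 @@
+var jwt = require('../index');
+var expect = require('chai').expect;
+
+describe('signing with a sealed payload', function() {
+
+it('should put the expiration claim', function () {
+var token = jwt.sign(Object.seal({foo: 123}), '123', { expiresIn: 10 });
+var result = jwt.verify(token, '123');
+expect(result.exp).to.be.closeTo(Math.floor(Date.now() / 1000) + 10, 0.2);
+});
+
+});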
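Review bot: The `closeTo(Math.floor(Date.now() / 1000) + 10, 0.2)` assertion compares what are presumably two whole-second values, so the 0.2 tolerance amounts to strict equality and the test fails whenever the clock crosses a second boundary between `jwt.sign` and the `expect` line. Capture the time before signing and allow one second of drift: `var now = Math.floor(Date.now() / 1000);` ahead of the `jwt.sign` call, then `expect(result.exp).to.be.closeTo(now + 10, 1);`.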

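--- a/test/jwt.rs.tests.js
+++ b/test/jwt.rs.tests.js
@@ -391,14 +391,14 @@ describe('RS256', function() {
 var obj = { foo: 'bar' };
 var token = jwt.sign(obj, priv, { algorithm: 'RS256' });
 var payload = jwt.decode(token);
-assert.deepEqual(payload, obj);
+assert.equal(payload.foo, obj.foo);
 done();
 });
 it('should return the header and payload and signature if complete option is set', function(done) {
 var obj = { foo: 'bar' };
 var token = jwt.sign(obj, priv, { algorithm: 'RS256' });
 var decoded = jwt.decode(token, { complete: true });
-assert.deepEqual(decoded.payload, obj);
+assert.equal(decoded.payload.foo, obj.foo);
 assert.deepEqual(decoded.header, { typ: 'JWT', alg: 'RS256' });
 assert.ok(typeof decoded.signature == 'string');
 done();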
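Review bot: Swapping `assert.deepEqual(payload, obj)` for `assert.equal(payload.foo, obj.foo)` in both tests drops the only check on which claims end up in the decoded payload, and nothing here pins the behaviour the commit is about, namely that `jwt.sign` leaves the caller's object untouched. Add `assert.deepEqual(obj, { foo: 'bar' });` after each `jwt.sign` call, and compare the decoded payload's keys against the expected set (presumably `foo` plus whatever timestamp claim `sign` adds) so an unexpected claim still fails the test. The first `it` block begins before this hunk and the second ends after it.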
