
Commit d06359e

committed
Revert "Merge branch 'venatir-master'"
This reverts commit d66d4eb, reversing changes made to 5117aac.
1 parent 51c4fef commit d06359e


2 files changed

+12
-6
lines changed


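--- a/test/verify.tests.js
+++ b/test/verify.tests.js
@@ -11,7 +11,7 @@ describe('verify', function() {
 var priv = fs.readFileSync(path.join(__dirname, 'priv.pem'));
 
 it('should first assume JSON claim set', function (done) {
-var header = { typ: 'JWT', alg: 'RS256' };
+var header = { alg: 'RS256' };
 var payload = { iat: Math.floor(Date.now() / 1000 ) };
 
 var signed = jws.sign({
@@ -21,15 +21,15 @@ describe('verify', function() {
 encoding: 'utf8'
 });
 
-jwt.verify(signed, pub, function(err, p) {
+jwt.verify(signed, pub, {typ: 'JWT'}, function(err, p) {
 assert.isNull(err);
 assert.deepEqual(p, payload);
 done();
 });
 });
 
 it('should be able to validate unsigned token', function (done) {
-var header = { typ: 'JWT', alg: 'none' };
+var header = { alg: 'none' };
 var payload = { iat: Math.floor(Date.now() / 1000 ) };
 
 var signed = jws.sign({
@@ -39,7 +39,7 @@ describe('verify', function() {
 encoding: 'utf8'
 });
 
-jwt.verify(signed, null, function(err, p) {
+jwt.verify(signed, null, {typ: 'JWT'}, function(err, p) {
 assert.isNull(err);
 assert.deepEqual(p, payload);
 done();
@@ -93,7 +93,7 @@ describe('verify', function() {
 
 it('should not error on expired token within clockTolerance interval', function (done) {
 clock = sinon.useFakeTimers(1437018584000);
-var options = {algorithms: ['HS256'], clockTolerance: 100};
+var options = {algorithms: ['HS256'], clockTolerance: 100}
 
 jwt.verify(token, key, options, function (err, p) {
 assert.isNull(err);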
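Review bot: The unsigned-token test (new line 42) calls `jwt.verify(signed, null, {typ: 'JWT'}, ...)` with no `algorithms` option and asserts success, so it pins acceptance of an `alg: 'none'` token as default behaviour rather than an explicit opt-in. If the file does not already contain one, a companion test should assert that the same unsigned token is rejected when a key is supplied, e.g. `jwt.verify(signed, pub, {typ: 'JWT'}, function (err) { assert.isNotNull(err); done(); });`. Separately, new line 96 drops the trailing semicolon and now relies on ASI; keep `var options = {algorithms: ['HS256'], clockTolerance: 100};`. The `describe` block starts and ends outside these hunks.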

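--- a/verify.js
+++ b/verify.js
@@ -96,7 +96,13 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
 if (!valid)
 return done(new JsonWebTokenError('invalid signature'));
 
-var payload=decodedToken.payload;
+var payload;
+
+try {
+payload = decode(jwtString);
+} catch(err) {
+return done(err);
+}
 
 if (typeof payload.nbf !== 'undefined' && !options.ignoreNotBefore) {
 if (typeof payload.nbf !== 'number') {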
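Review bot: The new try/catch covers only the `decode(jwtString)` call, so if `decode` returns null or undefined for a token it cannot parse (its contract is not visible here), `payload.nbf` on the next line throws synchronously instead of reporting through `done`. A guard such as `if (payload == null) return done(new JsonWebTokenError('invalid token'));` after the catch would close that. The claim checks also now run on a second, independent parse of `jwtString` rather than on `decodedToken.payload`, the object the signature check above operated on. It is worth confirming that both paths parse the payload identically, and a comment saying why the re-decode is needed would help. The exported function begins and ends outside this hunk.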
