@carecard/auth-util 3.0.1 → 3.0.2

@@ -17,10 +17,11 @@ const _assembleJwt = ( headerBase64, payloadBase64, signatureBase64 ) => {
17
17
  * @param headerObject
18
18
  * @returns {{alg: string, typ: string}}
19
19
  */
20
- const normalizeHeader = (headerObject ) => {
21
- headerObject.alg = headerObject.alg || 'EdDSA';
22
- headerObject.typ = 'JWT';
23
- return headerObject;
20
+ const normalizeHeader = ( headerObject ) => {
21
+ const header = { ...headerObject };
22
+ header.alg = header.alg || 'EdDSA';
23
+ header.typ = 'JWT';
24
+ return header;
24
25
  };
25
26
 
26
27
  /**
@@ -28,27 +29,30 @@ const normalizeHeader = (headerObject ) => {
28
29
  * @param payloadObject
29
30
  * @returns {*}
30
31
  */
31
- const normalizePayload = (payloadObject ) => {
32
+ const normalizePayload = ( payloadObject ) => {
33
+ const payload = { ...payloadObject };
32
34
  const now = Math.floor( Date.now() / 1000 );
33
35
  const fieldsToNormalize = [ 'iat', 'exp', 'nbf', 'auth_time' ];
34
36
  const msThreshold = 1000000000000;
35
37
 
36
- if ( !payloadObject.iat ) {
37
- payloadObject.iat = now;
38
+ if ( !payload.iat ) {
39
+ payload.iat = now;
38
40
  }
39
41
 
40
42
  fieldsToNormalize.forEach( field => {
41
- if ( payloadObject[ field ] && payloadObject[ field ] > msThreshold ) {
42
- payloadObject[ field ] = Math.floor( payloadObject[ field ] / 1000 );
43
+ if ( payload[ field ] && payload[ field ] > msThreshold ) {
44
+ payload[ field ] = Math.floor( payload[ field ] / 1000 );
43
45
  }
44
46
  } );
45
47
 
46
- if ( !payloadObject.exp ) {
48
+ if ( !payload.exp ) {
47
49
  // Default 1 hour expiration if not provided
48
- payloadObject.exp = payloadObject.iat + 3600;
50
+ payload.exp = payload.iat + 3600;
51
+ } else if ( payload.exp > msThreshold ) {
52
+ payload.exp = Math.floor( payload.exp / 1000 );
49
53
  }
50
54
 
51
- return payloadObject;
55
+ return payload;
52
56
  };
53
57
 
54
58
  /**
@@ -69,14 +73,18 @@ const _splitJwtInToHeaderPayloadSignature = ( jwt ) => {
69
73
  */
70
74
  const createSignedJwtFromObject = ( headerObject, payloadObject, privateKey ) => {
71
75
  try {
72
- headerObject = normalizeHeader( headerObject );
73
- payloadObject = normalizePayload( payloadObject );
76
+ if ( !privateKey ) return null;
74
77
 
75
- const headerBase64UrlSafe = stringUtilAuth.objectToBase64UrlSafeString( headerObject );
76
- const payloadBase64UrlSafe = stringUtilAuth.objectToBase64UrlSafeString( payloadObject );
78
+ const header = normalizeHeader( headerObject );
79
+ const payload = normalizePayload( payloadObject );
80
+
81
+ const headerBase64UrlSafe = stringUtilAuth.objectToBase64UrlSafeString( header );
82
+ const payloadBase64UrlSafe = stringUtilAuth.objectToBase64UrlSafeString( payload );
77
83
  const token = headerBase64UrlSafe + "." + payloadBase64UrlSafe;
78
- const signature = cryptoUtilAuth.createBase64SignatureOfToken( token, privateKey, headerObject.alg );
84
+
85
+ const signature = cryptoUtilAuth.createBase64SignatureOfToken( token, privateKey, header.alg );
79
86
  const urlSafeSignature = stringUtilAuth.makeStringUrlSafe( signature );
87
+
80
88
  return _assembleJwt( headerBase64UrlSafe, payloadBase64UrlSafe, urlSafeSignature );
81
89
  } catch ( error ) {
82
90
  return null;
@@ -91,10 +99,14 @@ const createSignedJwtFromObject = ( headerObject, payloadObject, privateKey ) =>
91
99
  */
92
100
  const verifyJwtSignature = ( jwt, publicKey ) => {
93
101
  try {
94
- const { header, payload, signature } = _splitJwtInToHeaderPayloadSignature( jwt );
95
- const token = header + "." + payload;
102
+ if ( !jwt || !publicKey ) return false;
103
+ const parts = _splitJwtInToHeaderPayloadSignature( jwt );
104
+ if ( !parts ) return false;
105
+ const { header, signature } = parts;
106
+ const token = header + "." + parts.payload;
96
107
  const headerObject = stringUtilAuth.urlSafeBase64ToObject( header );
97
- return cryptoUtilAuth.verifyBase64SignatureOfToken( token, signature, publicKey, headerObject.alg )
108
+ const signatureBase64 = stringUtilAuth.reverseStringUrlSafe( signature );
109
+ return cryptoUtilAuth.verifyBase64SignatureOfToken( token, signatureBase64, publicKey, headerObject.alg )
98
110
  } catch ( error ) {
99
111
  return false;
100
112
  }
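Review bot: In `verifyJwtSignature`, the algorithm handed to `cryptoUtilAuth.verifyBase64SignatureOfToken` is still read from the token's own header (`headerObject.alg`), so the party presenting the token chooses how it is checked. Unless that helper (not shown here) already restricts the algorithm to what `publicKey` supports, the verifier should pin the accepted algorithms itself, for example with an optional third parameter and `if ( allowedAlgs && !allowedAlgs.includes( headerObject.alg ) ) return false;` before the verify call. The function also checks the signature only; `exp` and `nbf` are not evaluated in this hunk, which is worth stating in its doc comment so callers do not read `true` as "token is currently valid".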
@@ -106,10 +118,16 @@ const verifyJwtSignature = ( jwt, publicKey ) => {
106
118
  * @return {{payload: any, header: any}}
107
119
  */
108
120
  const getHeaderPayloadFromJwt = jwt => {
109
- const { header, payload } = _splitJwtInToHeaderPayloadSignature( jwt );
110
- let headerAscii = stringUtilAuth.base64ToAscii( header );
111
- let payloadAscii = stringUtilAuth.base64ToAscii( payload );
112
- return { header: JSON.parse( headerAscii ), payload: JSON.parse( payloadAscii ) }
121
+ try {
122
+ const parts = _splitJwtInToHeaderPayloadSignature( jwt );
123
+ if ( !parts ) return null;
124
+ const { header, payload } = parts;
125
+ let headerObject = stringUtilAuth.urlSafeBase64ToObject( header );
126
+ let payloadObject = stringUtilAuth.urlSafeBase64ToObject( payload );
127
+ return { header: headerObject, payload: payloadObject }
128
+ } catch ( e ) {
129
+ return null;
130
+ }
113
131
  };
114
132
 
115
133
 
@@ -74,6 +74,7 @@ const dollarSignConnectedStringToAlgorithmHashSalt = ( passwordHash ) => {
74
74
  * return null if error
75
75
  */
76
76
  const dotConnectedStringToHeaderPayloadSignature = ( jwt ) => {
77
+ if ( typeof jwt !== 'string' ) return null;
77
78
  const splitJWT = jwt.split( '.' );
78
79
  if ( splitJWT.length !== 3 ) return null;
79
80
  return {
@@ -90,9 +91,7 @@ const dotConnectedStringToHeaderPayloadSignature = ( jwt ) => {
90
91
  * @return {string}
91
92
  */
92
93
  const objectToBase64UrlSafeString = object => {
93
- let stringAscii = JSON.stringify( object );
94
- let base64String = asciiToBase64( stringAscii );
95
- return makeStringUrlSafe( base64String );
94
+ return Buffer.from( JSON.stringify( object ) ).toString( 'base64url' );
96
95
  };
97
96
 
98
97
  /**
@@ -101,9 +100,7 @@ const objectToBase64UrlSafeString = object => {
101
100
  * @return {any}
102
101
  */
103
102
  const urlSafeBase64ToObject = urlSafeBase64String => {
104
- let base64String = reverseStringUrlSafe( urlSafeBase64String );
105
- let stringAscii = base64ToAscii( base64String );
106
- return JSON.parse( stringAscii );
103
+ return JSON.parse( Buffer.from( urlSafeBase64String, 'base64url' ).toString( 'utf8' ) );
107
104
  };
108
105
 
109
106
  module.exports = {
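Review bot: `urlSafeBase64ToObject` now decodes with `Buffer.from( urlSafeBase64String, 'base64url' )`, and Node's decoder is lenient: per the Node documentation it ignores whitespace and also accepts the standard base64 alphabet, so more than one string decodes to the same header or payload. Since these segments come from an unverified token, a strict pre-check such as `if ( !/^[A-Za-z0-9_-]+$/.test( urlSafeBase64String ) ) throw new Error( 'invalid base64url' );` keeps the accepted input to one canonical form. Separately, the `'base64url'` encoding exists only from Node 14.18 / 15.7 onward; on older runtimes `Buffer.from` throws, and the `catch` blocks in the JWT functions turn that into `null` or `false` with no diagnostic, so an `engines` entry in package.json (not visible in this diff) would make the requirement explicit.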
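--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@carecard/auth-util",
- "version": "3.0.1",
+ "version": "3.0.2",
  "repository": "https://github.com/CareCard-ca/pkg-auth-util.git",
  "description": "Auth utility functions",
  "main": "index.js",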