npm - passport-jwt-v2 - Versions diffs - 4.0.2 - Mend

passport-jwt-v2 4.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/.github/workflows/ci.yml +20 -0
package/.travis.yml +11 -0
package/LICENSE +22 -0
package/README.md +169 -0
package/docs/migrating.md +70 -0
package/lib/auth_header.js +19 -0
package/lib/extract_jwt.js +134 -0
package/lib/helpers/assign.js +24 -0
package/lib/index.js +10 -0
package/lib/strategy.js +139 -0
package/lib/verify_jwt.js +5 -0
package/package.json +44 -0
package/test/auth_header-test.js +28 -0
package/test/bootstrap.js +3 -0
package/test/extractors-test.js +287 -0
package/test/mock_request.js +10 -0
package/test/strategy-init-test.js +41 -0
package/test/strategy-requests-test.js +124 -0
package/test/strategy-validation-test.js +182 -0
package/test/strategy-verify-test.js +245 -0
package/test/testdata.js +14 -0

package/test/strategy-verify-test.js ADDED Viewed

@@ -0,0 +1,245 @@
+var chai = require('chai')
+    , Strategy = require('../lib/strategy')
+    , test_data = require('./testdata')
+    , sinon = require('sinon')
+    , verify = require('../lib/verify_jwt')
+    , extract_jwt = require('../lib/extract_jwt');
+describe('Strategy', function() {
+    before(function() {
+        Strategy.JwtVerifier = sinon.stub();
+        Strategy.JwtVerifier.callsArgWith(3, null, test_data.valid_jwt.payload);
+    });
+    describe('Handling a request with a valid JWT and succesful verification', function() {
+        var strategy, user, info;
+        before(function(done) {
+            strategy = new Strategy({jwtFromRequest:extract_jwt.fromAuthHeaderAsBearerToken(), secretOrKey: 'secret'}, function(jwt_paylod, next) {
+                return next(null, {user_id: 1234567890}, {foo:'bar'});
+            });
+            chai.passport.use(strategy)
+                .success(function(u, i) {
+                    user = u;
+                    info = i;
+                    done();
+                })
+                .req(function(req) {
+                    req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
+                })
+                .authenticate();
+        });
+        it('should provide a user', function() {
+            expect(user).to.be.an.object;
+            expect(user.user_id).to.equal(1234567890);
+        });
+        it('should forward info', function() {
+            expect(info).to.be.an.object;
+            expect(info.foo).to.equal('bar');
+        });
+    });
+    describe('handling a request with valid jwt and failed verification', function() {
+        var strategy, info;
+        before(function(done) {
+            strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeaderAsBearerToken(), secretOrKey: 'secret'}, function(jwt_payload, next) {
+                return next(null, false, {message: 'invalid user'});
+            });
+            chai.passport.use(strategy)
+                .fail(function(i) {
+                    info = i;
+                    done();
+                })
+                .req(function(req) {
+                    req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
+                })
+                .authenticate();
+        });
+        it('should fail with info', function() {
+            expect(info).to.be.an.object;
+            expect(info.message).to.equal('invalid user');
+        });
+    });
+    describe('handling a request with a valid jwt and an error during verification', function() {
+        var strategy, err;
+        before(function(done) {
+            strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeaderAsBearerToken(), secretOrKey: 'secrety'}, function(jwt_payload, next) {
+                return next(new Error("ERROR"), false, {message: 'invalid user'});
+            });
+            chai.passport.use(strategy)
+                .error(function(e) {
+                    err = e;
+                    done();
+                })
+                .req(function(req) {
+                    req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
+                })
+                .authenticate();
+        });
+        it('should error', function() {
+            expect(err).to.be.an.instanceof(Error);
+            expect(err.message).to.equal('ERROR');
+        });
+    });
+    describe('handling a request with a valid jwt and an exception during verification', function() {
+        var strategy, err;
+        before(function(done) {
+            strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeaderAsBearerToken(), secretOrKey: 'secret'}, function(jwt_payload, next) {
+                throw new Error("EXCEPTION");
+            });
+            chai.passport.use(strategy)
+                .error(function(e) {
+                    err = e;
+                    done();
+                })
+                .req(function(req) {
+                    req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
+                })
+                .authenticate();
+        });
+        it('should error', function() {
+            expect(err).to.be.an.instanceof(Error);
+            expect(err.message).to.equal('EXCEPTION');
+        });
+    });
+    describe('handling a request with a valid jwt and option passReqToCallback is true', function() {
+        var strategy, expected_request, request_arg;
+        before(function(done) {
+            opts = { passReqToCallback: true };
+            opts.secretOrKey = 'secret';
+            opts.jwtFromRequest = extract_jwt.fromAuthHeaderAsBearerToken();
+            strategy = new Strategy(opts, function(request, jwt_payload, next) {
+                // Capture the value passed in as the request argument
+                request_arg = request;
+                return next(null, {user_id: 1234567890}, {foo:'bar'});
+            });
+            chai.passport.use(strategy)
+                .success(function(u, i) {
+                    done();
+                })
+                .req(function(req) {
+                    req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
+                    expected_request = req;
+                })
+                .authenticate();
+        });
+        it('will call verify with request as the first argument', function() {
+            expect(expected_request).to.equal(request_arg);
+        });
+    });
+    describe('handling a request when constructed with a secretOrKeyProvider function that succeeds', function() {
+        var strategy, fakeSecretOrKeyProvider, expectedReqeust;
+        before(function(done) {
+            fakeSecretOrKeyProvider =  sinon.spy(function(request, token, done) {
+                done(null, 'secret from callback');
+            });
+            opts = {
+                secretOrKeyProvider: fakeSecretOrKeyProvider,
+                jwtFromRequest: function(request) {
+                    return 'an undecoded jwt string';
+                }
+            }
+            strategy = new Strategy(opts, function(jwtPayload, next) {
+                return next(null, {user_id: 'dont care'}, {});
+            });
+            chai.passport.use(strategy)
+                .success(function(u, i) {
+                    done();
+                })
+                .req(function(req) {
+                    expectedReqeust = req;
+                })
+                .authenticate();
+        });
+        it('should call the fake secret or key provider with the reqeust', function() {
+            expect(fakeSecretOrKeyProvider.calledWith(expectedReqeust, sinon.match.any, sinon.match.any)).to.be.true;
+        });
+        it('should call the secretOrKeyProvider with the undecoded jwt', function() {
+            expect(fakeSecretOrKeyProvider.calledWith(sinon.match.any, 'an undecoded jwt string', sinon.match.any)).to.be.true;
+        });
+        it('should call JwtVerifier with the value returned from secretOrKeyProvider', function() {
+            expect(Strategy.JwtVerifier.calledWith(sinon.match.any, 'secret from callback', sinon.match.any, sinon.match.any)).to.be.true;
+        });
+    });
+    describe('handling a request when constructed with a secretOrKeyProvider function that errors', function() {
+        var errorMessage;
+        before(function(done) {
+            fakeSecretOrKeyProvider =  sinon.spy(function(request, token, done) {
+                done('Error occurred looking for the secret');
+            });
+            opts = {
+                secretOrKeyProvider: fakeSecretOrKeyProvider,
+                jwtFromRequest: function(request) {
+                    return 'an undecoded jwt string';
+                }
+            }
+            strategy = new Strategy(opts, function(jwtPayload, next) {
+                return next(null, {user_id: 'dont care'}, {});
+            });
+            chai.passport.use(strategy)
+                .fail(function(i) {
+                    errorMessage = i;
+                    done();
+                })
+                .authenticate();
+        });
+        it('should fail with the error message from the secretOrKeyProvider', function() {
+            expect(errorMessage).to.equal('Error occurred looking for the secret');
+        });
+    });
+});

package/test/testdata.js ADDED Viewed

@@ -0,0 +1,14 @@
+module.exports = {
+    // Note, this JWT will expire sometime in 2286. If unit tests are failing around this time try
+    // generating a new, valid token :)
+    valid_jwt : {
+        token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImlzcyI6ImV4YW1wbGVzb2Z0LmNvbSIsImV4cCI6Ijk5OTk5OTk5OTkifQ.CbpI0TNI-FYXe6p3PgM__jwlz6aCT1qpUBsTVCfWuBM",
+        payload : {
+            "sub": "1234567890",
+            "name": "John Doe",
+            "iss": "examplesoft.com",
+            "exp": "9999999999"
+        },
+        secret: 'secret'
+    }
+};