ExpressGateway / express-gateway

A microservices API Gateway built on top of Express.js
https://www.express-gateway.io
Apache License 2.0
2.97k stars, 344 forks

Implemented the passport-jwt secretOrKeyProvider #986

Closed askides closed 4 years ago

askides commented 4 years ago

Hello, hope you are well :)

In this PR I've implemented the secretOrKeyProvider method of the passport-jwt library.

The problem is that if I have many users, each with an associated JWT credential, it is impossible to make requests, because the jwt policy permits setting only one secret, or only one key file, for all requests, so if I sign every JWT with its secret, the gateway responds unauthorized.

This implementation permits the jwt policy to check the secret for each user with the JWT credentials set.

So now, if the params secretOrPublicKey and secretOrPublicKeyFile are not set, this check is triggered.

Renny.
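
Added example, not the PR's code and not from express-gateway: a per-user key lookup in the callback shape passport-jwt documents for `secretOrKeyProvider(request, rawJwtToken, done)`, with a minimal HS256 check built on Node's `crypto` so it runs without dependencies. The credential store, its field names, and the use of the `sub` claim as the lookup key are assumptions.

```javascript
const crypto = require('crypto');

// Constructed sample store (hypothetical shape): credential id -> per-user secret.
const credentials = new Map([
  ['key-alice', { keySecret: 'alice-secret-constructed', isActive: true }],
  ['key-bob', { keySecret: 'bob-secret-constructed', isActive: false }],
]);

const b64url = (s) => Buffer.from(s).toString('base64url');
const decodePart = (p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));

// The payload is read BEFORE the signature is verified, so it is attacker-controlled
// here and is used only to select a key, never to make an authorization decision.
function secretOrKeyProvider(request, rawJwtToken, done) {
  try {
    const parts = String(rawJwtToken).split('.');
    if (parts.length !== 3) return done(null, null);
    const { sub } = decodePart(parts[1]);
    const cred = typeof sub === 'string' ? credentials.get(sub) : undefined;
    // Unknown or deactivated credential: return no key so verification fails closed.
    return done(null, cred && cred.isActive ? cred.keySecret : null);
  } catch (err) {
    return done(null, null); // malformed token is treated as unauthorized
  }
}

// Test helper: issue a token signed with one user's own secret.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Stand-in for the verifier that would consume the provider; returns the payload or null.
function verifyWithProvider(rawJwtToken) {
  let result = null;
  secretOrKeyProvider({}, rawJwtToken, (err, secret) => {
    if (err || !secret) return;
    try {
      const [h, p, s] = rawJwtToken.split('.');
      if (decodePart(h).alg !== 'HS256') return; // pin the algorithm; never trust the header
      const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
      const given = Buffer.from(s, 'base64url');
      if (given.length === expected.length && crypto.timingSafeEqual(given, expected)) result = decodePart(p);
    } catch (e) { /* malformed header or payload: stay unauthorized */ }
  });
  return result;
}
```
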

askides commented 4 years ago

Also updated the test cases for this PR.

codecov[bot] commented 4 years ago

Codecov Report

Merging #986 into master will decrease coverage by 0.09%. The diff coverage is 91.66%.


@@            Coverage Diff            @@
##           master     #986     +/-   ##
=========================================
- Coverage   88.97%   88.87%   -0.1%     
=========================================
  Files         137      137             
  Lines        3755     3767     +12     
=========================================
+ Hits         3341     3348      +7     
- Misses        414      419      +5
Impacted Files Coverage Δ
lib/policies/jwt/index.js 100% <ø> (ø) :arrow_up:
lib/policies/jwt/jwt.js 90.47% <91.66%> (+0.47%) :arrow_up:
lib/config/config.js 89.36% <0%> (-4.26%) :arrow_down:

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update a95542b...27ae032.