search

auth0 / node-jwa

JSON Web Algorithms
http://tools.ietf.org/id/draft-ietf-jose-json-web-algorithms-08.html
MIT License
98 stars 42 forks source link

Strange algorithms are accepted #9

Closed hidekiy closed 8 years ago

hidekiy commented 8 years ago 
>npm ls --depth=0
C:\Users\Hideki\Desktop\test
└── jwa@1.1.0

>node -v
v4.1.2
> var jwa=require('jwa')
undefined
> jwa
[Function: jwa]
> jwa('hs256').sign('','')
'thNnmggU2ex3L5XXeMNfxf8Wl8STcVZTxscSFEKSxa0'
> jwa('ahs256b').sign('','')
'thNnmggU2ex3L5XXeMNfxf8Wl8STcVZTxscSFEKSxa0'
> jwa('none').sign('','')
''
> jwa('anoneb').sign('','')
''
> jwa('none256').sign('','')
''
> jwa('').sign('','')
TypeError: "" is not a valid algorithm.
  Supported algorithms are:
  "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" and "none".
    at typeError (C:\Users\Hideki\Desktop\test\node_modules\jwa\index.js:15:10)
    at jwa (C:\Users\Hideki\Desktop\test\node_modules\jwa\index.js:116:11)
    at repl:1:1
    at REPLServer.defaultEval (repl.js:164:27)
    at bound (domain.js:250:14)
    at REPLServer.runBound [as eval] (domain.js:263:12)
    at REPLServer.<anonymous> (repl.js:393:12)
    at emitOne (events.js:82:20)
    at REPLServer.emit (events.js:169:7)
    at REPLServer.Interface._onLine (readline.js:210:10)
omsmith commented 8 years ago

Published in 1.1.1. Thanks for the report

hidekiy commented 8 years ago

Very fast to close. Thanks, too.