dwyl / hapi-auth-jwt2

:lock: Secure Hapi.js authentication plugin using JSON Web Tokens (JWT) in Headers, URL or Cookies
ISC License

Fix for #328 - treat JWT.decode() null return the same as if it threw an exception #352

Closed rjpcal closed 4 years ago

rjpcal commented 4 years ago

This prevents a custom verify() function from being called with decoded=null, from which the function then has no way to avoid producing a 500 response to the request.
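
The failure mode described in the comment above, as an added example that is not part of this pull request or the plugin's own code. `decodeToken`, `customVerify` and `authenticate` are hypothetical names, the tokens are constructed samples, and the 401 status for a rejected token is an assumption.

```javascript
// Hypothetical stand-in for a JWT decode call: it returns null, rather than
// throwing, when the token cannot be parsed. It does not check the signature.
function decodeToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const [header, payload] = parts.slice(0, 2).map((part) => {
      const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
      return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    });
    return { header, payload, signature: parts[2] };
  } catch (err) {
    return null; // bad base64url or bad JSON
  }
}

// Hypothetical application-supplied verify function. It reads fields from
// `decoded`, so decoded === null makes it throw a TypeError.
function customVerify(decoded) {
  return { isValid: decoded.payload.sub === 'user-1' };
}

// guardNull = false models the behaviour before the fix (null is passed on to
// verify); guardNull = true treats a null decode like a decode exception.
function authenticate(token, verify, guardNull) {
  let decoded;
  try {
    decoded = decodeToken(token);
  } catch (err) {
    return { statusCode: 401 }; // assumed status for an undecodable token
  }
  if (guardNull && decoded === null) {
    return { statusCode: 401 }; // rejected before verify is ever called
  }
  try {
    return { statusCode: verify(decoded).isValid ? 200 : 401 };
  } catch (err) {
    return { statusCode: 500 }; // verify blew up on input it cannot handle
  }
}

// Constructed sample tokens; the signature segment is a placeholder.
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64');
const goodToken = `${encode({ alg: 'HS256' })}.${encode({ sub: 'user-1' })}.sig`;
const badToken = 'aaa.bbb.ccc'; // three segments, none of them valid JSON
```

With `guardNull` false, `badToken` ends in a 500 because verify dereferences null; with it true, the same token is rejected with a 401 and verify never runs.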

codecov[bot] commented 4 years ago

Codecov Report

Merging #352 into master will not change coverage. The diff coverage is 100.00%.

@@            Coverage Diff            @@
##            master      #352   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines          133       134    +1     
=========================================
+ Hits           133       134    +1     
Impacted Files Coverage Δ
lib/index.js 100.00% <100.00%> (ø)

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 4e168c2...c09fdb2.

nelsonic commented 4 years ago

Hi @rjpcal this PR is good. (the code that you have added to index.js makes sense and should fix issue #328) 👍 However I'm confused about the need for the ms package. I would have thought that if it were required for the pre-commit hook, we would have been aware of the need ... 💭 Can you please try removing ms from the package.json and doing rm -rf node_modules followed by npm install and npm test to confirm? 🙏

rjpcal commented 4 years ago

Thanks for the quick review!

So strange, it did work fine now with ms removed after your suggestion of removing+reinstalling node_modules, and I've updated the branch now with ms removed again. (What had failed the first time was the eslint part of the pre-commit - error message pasted in an earlier comment - and I verified that's now working, just not sure why it failed at first.)

nelsonic commented 4 years ago

@rjpcal hapi-auth-jwt2@10.2.0 contains your update. 🚀 Thanks again. 🥇

rjpcal commented 4 years ago

@nelsonic that's great, thank you!

nelsonic commented 4 years ago

@rjpcal you did the work. I just had to merge+publish it. BTW: love it when CTOs still write code. 🙌

rjpcal commented 4 years ago

🙌 and I love it too!