mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens
MIT License
1.96k stars 213 forks

Malformed JWT Breaks Strategy #125

Closed NickDelBen closed 6 years ago

NickDelBen commented 7 years ago

I have implemented passport-jwt and everything works fine if the client supplies a valid JWT.

In the case when the JWT is malformed (in my example case I removed characters 26-32), whenever a request is made the middleware will just hang there and never get through to the callback.

None of this code is executed, as the callback is never reached, and this is before I manipulate the req, so I cannot debug very well:

// We will use the jwt strategy from the passport-jwt library
const passportJWT = require('passport-jwt')
const winston = require('winston')
// `strategyOptions`, the `User` model and `responses` are defined elsewhere in the application

let JWTStrategy = new passportJWT.Strategy(strategyOptions, (jwt_payload, next) => {
    // Search for user in database
    let search_model = new User({id: jwt_payload.id})
    winston.debug(`[JWTStrategy] received new jwt with id ${jwt_payload.id}`)
    search_model.fetch()
    // On success we can validate
    .then((fetch_result) => {
        // Respond with malformed data if token invalid (forged?)
        if (! fetch_result) {
            winston.error("[JWTStrategy] No user found with specified id")
            return next(null, false, responses.MalformedRequest.message)
        }
        const user_payload = {
            id: jwt_payload.id,
            role: jwt_payload.role
        }
        winston.debug(`[JWTStrategy] User has been found: ${JSON.stringify(user_payload)}`)
        // User has been validated
        return next(null, user_payload)
    })
    // If there was an error querying
    .catch((err) => {
        winston.error("[JWTStrategy] Error authenticating with JWT strategy")
        winston.error(err)
        // Send an error response
        return next(null, false, responses.InternalServerError.message)
    })
})