update jsonwebtoken module to fix security issue

2024-07-21 09:38:31 +02:00 · 2014-07-16 20:29:39 -03:00 · 2014-07-16 20:29:39 -03:00 · 9d5abf9e66
commit 9d5abf9e66
parent 870a274be9
2 changed files with 21 additions and 2 deletions
--- a/package.json
+++ b/package.json
@ -22,7 +22,7 @@
  },
  "license": "MIT",
  "dependencies": {
-    "jsonwebtoken": "~0.1.0",
+    "jsonwebtoken": "~0.4.0",
    "xtend": "~2.1.2"
  },
  "devDependencies": {
--- a/test/authorizer.test.js
+++ b/test/authorizer.test.js
@ -16,7 +16,7 @@ describe('authorizer', function () {
      });

      socket.on('error', function(err){
-        err.should.eql("Invalid token: no header in signature 'boooooo'");
+        err.should.eql("jwt malformed");
        done();
      });
    });
@ -47,4 +47,23 @@ describe('authorizer', function () {
    });
  });

+  describe('unsgined token', function() {
+    beforeEach(function () {
+      this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
+    });
+
+    it('should not do the handshake and connect', function (done){
+      var socket = io.connect('http://localhost:9000', {
+        'forceNew':true,
+        'query': 'token=' + this.token
+      });
+      socket.on('connect', function () {
+        done(new Error('this shouldnt happen'));
+      }).on('error', function (err) {
+        err.should.eql("jwt signature is required");
+        done();
+      });
+    });
+  });
+
 });