update jsonwebtoken module to fix security issue
This commit is contained in:
parent
870a274be9
commit
9d5abf9e66
@ -22,7 +22,7 @@
|
||||
},
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"jsonwebtoken": "~0.1.0",
|
||||
"jsonwebtoken": "~0.4.0",
|
||||
"xtend": "~2.1.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
@ -16,7 +16,7 @@ describe('authorizer', function () {
|
||||
});
|
||||
|
||||
socket.on('error', function(err){
|
||||
err.should.eql("Invalid token: no header in signature 'boooooo'");
|
||||
err.should.eql("jwt malformed");
|
||||
done();
|
||||
});
|
||||
});
|
||||
@ -47,4 +47,23 @@ describe('authorizer', function () {
|
||||
});
|
||||
});
|
||||
|
||||
describe('unsgined token', function() {
|
||||
beforeEach(function () {
|
||||
this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
|
||||
});
|
||||
|
||||
it('should not do the handshake and connect', function (done){
|
||||
var socket = io.connect('http://localhost:9000', {
|
||||
'forceNew':true,
|
||||
'query': 'token=' + this.token
|
||||
});
|
||||
socket.on('connect', function () {
|
||||
done(new Error('this shouldnt happen'));
|
||||
}).on('error', function (err) {
|
||||
err.should.eql("jwt signature is required");
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
});
|
Reference in New Issue
Block a user