From 9d5abf9e66a8dfdcb7e8ca71c3222a23db1d5074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jose=CC=81=20F=2E=20Romaniello?=
Date: Wed, 16 Jul 2014 20:29:39 -0300
Subject: [PATCH] update jsonwebtoken module to fix security issue

---
 package.json | 2 +-
 test/authorizer.test.js | 21 ++++++++++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 643cbf6..bd9e200 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,7 @@
 },
 "license": "MIT",
 "dependencies": {
- "jsonwebtoken": "~0.1.0",
+ "jsonwebtoken": "~0.4.0",
 "xtend": "~2.1.2"
 },
 "devDependencies": {
diff --git a/test/authorizer.test.js b/test/authorizer.test.js
index 8890dfb..82e9eff 100644
--- a/test/authorizer.test.js
+++ b/test/authorizer.test.js
@@ -16,7 +16,7 @@ describe('authorizer', function () {
 });
 socket.on('error', function(err){
- err.should.eql("Invalid token: no header in signature 'boooooo'");
+ err.should.eql("jwt malformed");
 done();
 });
 });
@@ -47,4 +47,23 @@ describe('authorizer', function () {
 });
 });
+ describe('unsgined token', function() {
+ beforeEach(function () {
+ this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
+ });
+
+ it('should not do the handshake and connect', function (done){
+ var socket = io.connect('http://localhost:9000', {
+ 'forceNew':true,
+ 'query': 'token=' + this.token
+ });
+ socket.on('connect', function () {
+ done(new Error('this shouldnt happen'));
+ }).on('error', function (err) {
+ err.should.eql("jwt signature is required");
+ done();
+ });
+ });
+ });
+
 });
\ No newline at end of file
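Review bot: The updated assertion `err.should.eql("jwt malformed")` pins the exact error wording produced by the jsonwebtoken dependency, so a rewording of that message upstream inside the `~0.4.0` range could fail this test without any change in the authorizer's own behaviour. The removed line had the same coupling, but since the commit is already touching it, a short comment would save the next maintainer a search: `// error text is jsonwebtoken's own message; update it together with the dependency version`. The enclosing `it` and `describe` blocks start outside the hunk.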
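Review bot: The fixture on the `this.token` line is an opaque string and nothing in the test says why it must be rejected; decoded, its header is `{"alg":"none","cty":"JWT"}`, its payload `{"name":"John Foo"}`, and its signature segment is empty, which is exactly the case the dependency bump is meant to close. A comment above the assignment would make that intent reviewable: `// alg:none token with an empty signature - must be rejected, never treated as verified`. The describe title also has a typo, `describe('unsigned token', function() {`. Finally, the `connect` handler reports the failure but leaves the socket open; a `socket.disconnect();` before `done(new Error('this shouldnt happen'));` would keep a failing run from hanging on the open connection, though whether that matters depends on the server setup elsewhere in the file.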