2
1
mirror of https://github.com/Thream/socketio-jwt.git synced 2024-07-21 09:38:31 +02:00

update jsonwebtoken module to fix security issue

This commit is contained in:
José F. Romaniello 2014-07-16 20:29:39 -03:00
parent 870a274be9
commit 9d5abf9e66
2 changed files with 21 additions and 2 deletions

View File

@ -22,7 +22,7 @@
}, },
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"jsonwebtoken": "~0.1.0", "jsonwebtoken": "~0.4.0",
"xtend": "~2.1.2" "xtend": "~2.1.2"
}, },
"devDependencies": { "devDependencies": {

View File

@ -16,7 +16,7 @@ describe('authorizer', function () {
}); });
socket.on('error', function(err){ socket.on('error', function(err){
err.should.eql("Invalid token: no header in signature 'boooooo'"); err.should.eql("jwt malformed");
done(); done();
}); });
}); });
@ -47,4 +47,23 @@ describe('authorizer', function () {
}); });
}); });
describe('unsgined token', function() {
beforeEach(function () {
this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
});
it('should not do the handshake and connect', function (done){
var socket = io.connect('http://localhost:9000', {
'forceNew':true,
'query': 'token=' + this.token
});
socket.on('connect', function () {
done(new Error('this shouldnt happen'));
}).on('error', function (err) {
err.should.eql("jwt signature is required");
done();
});
});
});
}); });