Thream/socketio-jwt
Archived
2
1
Fork 0
Code Issues Pull Requests Releases Activity
295 Commits 2 Branches 18 Tags
27c59c3b0f2b5b189a50bc298d523cb17b1083f9
Commit Graph

68 Commits

Author SHA1 Message Date
Fabian Arndt
27c59c3b0f Fixed auth.required 
Misc:
- Resolved conflicts
- Added test case, to fail if server grants prohibited admin access
- Simplified test logic
- Prevented usage of "var" (used const / let instead)
- Formatting
- Cleanup
- Typos
 2019-10-13 15:52:14 +02:00
ansien12
67cc0fb846 Add a check to make sure provided secret is a string. 
```
const JWTOptions: JwtAuthOptions = {
    secret: process.env.JWT_SECRET as string,
    timeout: 5_000,
    decodedPropertyName: 'decodedToken',
};
```

Without the change I made and the options snipped above where the secret is actualy "undefined" because the .env file wasn't loaded yet you get a really weird situation that's very hard to debug. 

With "undefined" used as secret the client will successfully connect and send its "authenticate" event without a problem. But the server will not do anything. No errors, no timeouts, nothing.
 2019-07-30 22:00:08 +02:00
jeff.smith34r32@gmail.com
196706aef7 Fixed problem with not being able to execute. ALL Tests are now running successfully. 2019-07-24 18:46:06 -07:00
Andrew Kutta
f3becae0a9 update to later version of jsonwebtoken to fix security vulnerabilities - DK/BM 
Changes by Root-Core:
- Whitespaces
- Code-Smells
- Some Deps were devDeps
- Little bug fixes (merge errors)
- etc..
 2019-07-24 21:05:34 +02:00
Mike Beyer
173e02bbfc change auth message [mb] 2019-07-24 20:44:40 +02:00
Andrew Kutta
211f3af592 whitespace 2019-07-24 20:43:18 +02:00
Mathew Woods
ef0983a702 added ability to enforce only header authorization versus query string authorization - DK/MW 2019-07-24 20:35:44 +02:00
Root-Core
17d5669a3e Merge branch 'master' into patch-1 2019-07-24 17:15:04 +02:00
Conrad Sopala
b0cd246794 Merge branch 'master' into typings 2019-07-24 16:03:10 +02:00
Root-Core
1e47810c98 Fixed merge error 
data was renamed to socket
 2019-07-24 15:55:12 +02:00
Conrad Sopala
a9944c762a Merge branch 'master' into misc 2019-07-23 15:20:05 +02:00
Conrad Sopala
fbae634992 Merge pull request #118 from Root-Core/store-jwt 
Added option to store encoded jwt
 2019-02-28 17:24:38 +01:00
kaisle
eba9925f2a Add cookie support 2018-09-27 10:53:48 +02:00
Root-Core
cc3d6b22b7 Fixed dirty copy and paste mistake.. 2017-04-19 00:01:18 +02:00
Root-Core
025952dcc7 Fixed dirty cherry-pick 2017-04-18 23:56:22 +02:00
Root-Core
d340c81fd5 Added option to store encoded jwt, default "encoded_token" 2017-04-18 23:31:38 +02:00
Root-Core
d2cc8fb514 Renamed "data" to "socket", updated deps 2017-04-18 23:26:47 +02:00
Root-Core
72f3846fcf Added definition file, exported UnauthorizedError 2017-04-18 23:21:07 +02:00
Root-Core
640e8d0ef0 Fix authentication for namespaces #95 
Try to get the token from query string, which is stored in the sockets "handshake" object.

This should fix #95 and be a more elegant (say valid) approach.
 2016-11-22 14:27:04 +01:00
José F. Romaniello
b78156dc91 Merge pull request #69 from Daedalus11069/daedalus11069-patch-optional-async 
Make .disconnect() async call optional
 2016-06-21 14:46:19 +02:00
José F. Romaniello
2d3e292268 Merge pull request #86 from bartlomiej-korpus/master 
fix TypeError when authenticate is sent with null
 2016-06-21 14:35:26 +02:00
Kristóf Poduszló
729d5530be Added ability to use a custom decodedPropertyName 2016-06-15 08:25:40 +02:00
bartlomiej-korpus
64ed562d05 fix TypeError when authenticate is sent with null 2016-05-26 21:12:47 +02:00
Daedalus11069
0fa2cc2590 Make async call of .disconnect() optional 2015-12-25 19:48:58 -08:00
Damian Fortuna
e094d231b2 Add ability to generate secret dynamically 
This allow you to pass a function instead of an string in order to
generate secret based on the new connection features.
 2015-11-18 18:49:55 -03:00
gfetco
170c23306f Validation 
on socket authenticate, should check that the data.token exists and if it is the desired type? 
socket.emit( 'authenticate', {token: {} }); // will crash server if sent from client-side.
 2015-11-01 20:44:25 +01:00
Pieter Jan De Smedt
dac693930b fix(lib/index.js) return auth.success 
Next step would not execute because no function(socket, next) was returned in case of successful verification in the 'one roundtrip' (handshake) approach.
Returning auth.success instead of just executing it solves this.

Fixes #51
 2015-10-08 14:06:33 +02:00
José F. Romaniello
09eea1d043 add tests for namespace configuration 2015-08-31 11:04:13 -03:00
Marcel Chastain
43f7427407 add support for namespace authentication 
fixes #32
 2015-07-18 19:23:02 -07:00
seppen
1ac2a8da44 fixed var name 2015-07-05 19:57:24 +03:00
José F. Romaniello
84cc16cf49 Merge branch 'master' of https://github.com/dbrugne/socketio-jwt into dbrugne-master 
Conflicts:
	lib/index.js
 2015-05-29 09:00:34 -03:00
José F. Romaniello
9b234c44a8 set required defaults to true 2015-05-29 08:52:14 -03:00
José F. Romaniello
f7ecb4ea6f Merge branch 'master' of https://github.com/ddamerell53/socketio-jwt into ddamerell53-master 2015-05-29 08:46:17 -03:00
José F. Romaniello
4cf0651e88 minor 2015-05-17 22:05:00 -03:00
Nikita Gusakov
34c64c73e1 Use native comparison instead of regexp 2015-05-18 03:24:42 +03:00
dbrugne
f5a84eb9bb Add an "additionnal" option (Function(decoded, onSuccess, onError)). When the token is parser and validated the callback is triggered and allow addition of extra logic (e.g. validate the user status against database). 
Improve returned errors.
 2015-05-07 11:49:00 +02:00
dbrugne
346b4d7aa1 Make .disconnect() call asynchronous to allow client to receive error message. 2015-05-06 19:11:16 +02:00
dbrugne
b053356c5e Send 'error' event with error details in case of not received or invalid token. 2015-05-06 17:56:12 +02:00
David Damerell
9389672a9d Added optional authentication and the ability to call another function to further validate the token 
* Optional authentication is useful when you wish to serve both secure and unsecured services via the same server socket
* The ability to specify an additional function to be called to further validate the token is useful when you wish to be able to expire tokens for some reason
 2014-10-24 17:01:53 +01:00
Vadim Kazakov
139843467b add data to UnauthorizedError so that more information can be returned to client 2014-07-16 14:12:18 -06:00
Oscar
29b3882355 Make it look for both kinds of query 
add a check on req.query along with req._query for different versions
 2014-06-06 13:09:06 -05:00
Oscar
452cc19a87 req._query is now req.query 
Not sure exactly when this happened, but i had to make this change for my versions of node/js
 2014-06-06 12:28:11 -05:00
José F. Romaniello
3484a429ed fixed all broken tests with socket.io 1.0, close #10 2014-06-05 15:45:41 -03:00
José F. Romaniello
e8380c10b8 add support for socket.io 1.0 2014-06-03 08:12:07 -03:00
José F. Romaniello
54a33c260c change user to decoded_token 2014-01-14 17:44:03 -03:00
José F. Romaniello
b292ab75af change the API 2014-01-14 08:30:39 -03:00
José F. Romaniello
b0f4354ecb add noqs method 2014-01-13 18:41:10 -03:00
José F. Romaniello
14a34ae380 initial commit after fork of passport-socketio 2014-01-13 16:00:21 -03:00
Screeny
95fb0fba7c emit error on store-error 
this could've saved me some work.
next time i'll better check if redis is online.
 2013-12-03 15:20:14 +01:00
José F. Romaniello
bd0980e3ab Merge pull request #36 from TeamSynergy/cors_workaround 
Cors workaround
 2013-11-21 03:21:46 -08:00