divlo
2e5d281f46
chore: initial commit
2020-12-27 17:25:44 +01:00
Sebastian Kalinowski
e7c826735c
Pass token header to secret fetching function
...
Depending of function arity pass decoded header of the token.
This is to allow backward compatibilty.
2020-01-21 09:41:27 +01:00
kerollos
0f3aadfccc
Add customDecoded optional function
...
customDecoded enables you to change the value of the decoded token. the decoded token is passed to the function and you can you do whatever you want with the decoded token and return it to be changed.
2019-10-28 01:32:06 +02:00
Fabian Arndt
8c9a31a16b
Improved test coverage
...
- Added tests for handshakes in namespaces (one roundtrip)
- Replaced misleading 'handshake' with 'authentication', where the second roundtrip is used
2019-10-15 12:54:02 +02:00
Fabian Arndt
e66148fbb2
Workaround for node 4
2019-10-14 04:13:25 +02:00
Fabian Arndt
8f2b55a7aa
Fixed travis
...
- Tests against Node 4, 8, 10, 12 and newest
Modernized:
- Use arrow functions
- Use string templates in examples and some code
- Use single quote for strings
2019-10-14 01:46:30 +02:00
Fabian Arndt
93e6b59710
Merged with master
2019-10-13 15:55:36 +02:00
Fabian Arndt
27c59c3b0f
Fixed auth.required
...
Misc:
- Resolved conflicts
- Added test case, to fail if server grants prohibited admin access
- Simplified test logic
- Prevented usage of "var" (used const / let instead)
- Formatting
- Cleanup
- Typos
2019-10-13 15:52:14 +02:00
Root-Core
31c0a24c87
Semicolon
2019-10-08 19:13:30 +02:00
Fabian Arndt
3f980a5c71
Fixed regressions of b0cd246 and 3128fdf
...
3128fdf:
- Secret can be a string or function
- Compatibility with older node versions
b0cd246:
- Fixed dependencies
2019-10-08 18:56:18 +02:00
ansien12
67cc0fb846
Add a check to make sure provided secret is a string.
...
```
const JWTOptions: JwtAuthOptions = {
secret: process.env.JWT_SECRET as string,
timeout: 5_000,
decodedPropertyName: 'decodedToken',
};
```
Without the change I made and the options snipped above where the secret is actualy "undefined" because the .env file wasn't loaded yet you get a really weird situation that's very hard to debug.
With "undefined" used as secret the client will successfully connect and send its "authenticate" event without a problem. But the server will not do anything. No errors, no timeouts, nothing.
2019-07-30 22:00:08 +02:00
jeff.smith34r32@gmail.com
196706aef7
Fixed problem with not being able to execute. ALL Tests are now running successfully.
2019-07-24 18:46:06 -07:00
Andrew Kutta
f3becae0a9
update to later version of jsonwebtoken to fix security vulnerabilities - DK/BM
...
Changes by Root-Core:
- Whitespaces
- Code-Smells
- Some Deps were devDeps
- Little bug fixes (merge errors)
- etc..
2019-07-24 21:05:34 +02:00
Mike Beyer
173e02bbfc
change auth message [mb]
2019-07-24 20:44:40 +02:00
Andrew Kutta
211f3af592
whitespace
2019-07-24 20:43:18 +02:00
Mathew Woods
ef0983a702
added ability to enforce only header authorization versus query string authorization - DK/MW
2019-07-24 20:35:44 +02:00
Root-Core
17d5669a3e
Merge branch 'master' into patch-1
2019-07-24 17:15:04 +02:00
Conrad Sopala
b0cd246794
Merge branch 'master' into typings
2019-07-24 16:03:10 +02:00
Root-Core
1e47810c98
Fixed merge error
...
data was renamed to socket
2019-07-24 15:55:12 +02:00
Conrad Sopala
a9944c762a
Merge branch 'master' into misc
2019-07-23 15:20:05 +02:00
Conrad Sopala
fbae634992
Merge pull request #118 from Root-Core/store-jwt
...
Added option to store encoded jwt
2019-02-28 17:24:38 +01:00
kaisle
eba9925f2a
Add cookie support
2018-09-27 10:53:48 +02:00
Root-Core
cc3d6b22b7
Fixed dirty copy and paste mistake..
2017-04-19 00:01:18 +02:00
Root-Core
025952dcc7
Fixed dirty cherry-pick
2017-04-18 23:56:22 +02:00
Root-Core
d340c81fd5
Added option to store encoded jwt, default "encoded_token"
2017-04-18 23:31:38 +02:00
Root-Core
d2cc8fb514
Renamed "data" to "socket", updated deps
2017-04-18 23:26:47 +02:00
Root-Core
72f3846fcf
Added definition file, exported UnauthorizedError
2017-04-18 23:21:07 +02:00
Root-Core
640e8d0ef0
Fix authentication for namespaces #95
...
Try to get the token from query string, which is stored in the sockets "handshake" object.
This should fix #95 and be a more elegant (say valid) approach.
2016-11-22 14:27:04 +01:00
José F. Romaniello
b78156dc91
Merge pull request #69 from Daedalus11069/daedalus11069-patch-optional-async
...
Make .disconnect() async call optional
2016-06-21 14:46:19 +02:00
José F. Romaniello
2d3e292268
Merge pull request #86 from bartlomiej-korpus/master
...
fix TypeError when authenticate is sent with null
2016-06-21 14:35:26 +02:00
Kristóf Poduszló
729d5530be
Added ability to use a custom decodedPropertyName
2016-06-15 08:25:40 +02:00
bartlomiej-korpus
64ed562d05
fix TypeError when authenticate is sent with null
2016-05-26 21:12:47 +02:00
Daedalus11069
0fa2cc2590
Make async call of .disconnect() optional
2015-12-25 19:48:58 -08:00
Damian Fortuna
e094d231b2
Add ability to generate secret dynamically
...
This allow you to pass a function instead of an string in order to
generate secret based on the new connection features.
2015-11-18 18:49:55 -03:00
gfetco
170c23306f
Validation
...
on socket authenticate, should check that the data.token exists and if it is the desired type?
socket.emit( 'authenticate', {token: {} }); // will crash server if sent from client-side.
2015-11-01 20:44:25 +01:00
Pieter Jan De Smedt
dac693930b
fix(lib/index.js) return auth.success
...
Next step would not execute because no function(socket, next) was returned in case of successful verification in the 'one roundtrip' (handshake) approach.
Returning auth.success instead of just executing it solves this.
Fixes #51
2015-10-08 14:06:33 +02:00
José F. Romaniello
09eea1d043
add tests for namespace configuration
2015-08-31 11:04:13 -03:00
Marcel Chastain
43f7427407
add support for namespace authentication
...
fixes #32
2015-07-18 19:23:02 -07:00
seppen
1ac2a8da44
fixed var name
2015-07-05 19:57:24 +03:00
José F. Romaniello
84cc16cf49
Merge branch 'master' of https://github.com/dbrugne/socketio-jwt into dbrugne-master
...
Conflicts:
lib/index.js
2015-05-29 09:00:34 -03:00
José F. Romaniello
9b234c44a8
set required defaults to true
2015-05-29 08:52:14 -03:00
José F. Romaniello
f7ecb4ea6f
Merge branch 'master' of https://github.com/ddamerell53/socketio-jwt into ddamerell53-master
2015-05-29 08:46:17 -03:00
José F. Romaniello
4cf0651e88
minor
2015-05-17 22:05:00 -03:00
Nikita Gusakov
34c64c73e1
Use native comparison instead of regexp
2015-05-18 03:24:42 +03:00
dbrugne
f5a84eb9bb
Add an "additionnal" option (Function(decoded, onSuccess, onError)). When the token is parser and validated the callback is triggered and allow addition of extra logic (e.g. validate the user status against database).
...
Improve returned errors.
2015-05-07 11:49:00 +02:00
dbrugne
346b4d7aa1
Make .disconnect() call asynchronous to allow client to receive error message.
2015-05-06 19:11:16 +02:00
dbrugne
b053356c5e
Send 'error' event with error details in case of not received or invalid token.
2015-05-06 17:56:12 +02:00
David Damerell
9389672a9d
Added optional authentication and the ability to call another function to further validate the token
...
* Optional authentication is useful when you wish to serve both secure and unsecured services via the same server socket
* The ability to specify an additional function to be called to further validate the token is useful when you wish to be able to expire tokens for some reason
2014-10-24 17:01:53 +01:00
Vadim Kazakov
139843467b
add data to UnauthorizedError so that more information can be returned to client
2014-07-16 14:12:18 -06:00
Oscar
29b3882355
Make it look for both kinds of query
...
add a check on req.query along with req._query for different versions
2014-06-06 13:09:06 -05:00