Skip to content

Commit

Permalink
Issue #952 fixed rename decode function unsafe_decode to highlight th…
Browse files Browse the repository at this point in the history
…e risk

#952 I have made the changes as per above mentioned in the above comment.
  • Loading branch information
aalu-love committed Dec 30, 2023
1 parent bc28861 commit 60fa6b8
Show file tree
Hide file tree
Showing 13 changed files with 27 additions and 27 deletions.
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ jwt.verify(token, getKey, options, function(err, decoded) {
<details>
<summary><em></em>Need to peek into a JWT without verifying it? (Click to expand)</summary>

### jwt.decode(token [, options])
### jwt.unsafe_decode(token [, options])

(Synchronous) Returns the decoded payload without verifying if the signature is valid.

Expand All @@ -263,10 +263,10 @@ Example

```js
// get the decoded payload ignoring signature, no secretOrPrivateKey needed
var decoded = jwt.decode(token);
var decoded = jwt.unsafe_decode(token);

// get the decoded payload and header
var decoded = jwt.decode(token, {complete: true});
var decoded = jwt.unsafe_decode(token, {complete: true});
console.log(decoded.header);
console.log(decoded.payload)
```
Expand Down
2 changes: 1 addition & 1 deletion decode.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ var jws = require('jws');

module.exports = function (jwt, options) {
options = options || {};
var decoded = jws.decode(jwt, options);
var decoded = jws.unsafe_decode(jwt, options);
if (!decoded) { return null; }
var payload = decoded.payload;

Expand Down
2 changes: 1 addition & 1 deletion test/async_sign.tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ describe('signing a token asynchronously', function() {
it('should not stringify the payload', function (done) {
jwt.sign('string', 'secret', {}, function (err, token) {
if (err) { return done(err); }
expect(jws.decode(token).payload).to.equal('string');
expect(jws.unsafe_decode(token).payload).to.equal('string');
done();
});
});
Expand Down
2 changes: 1 addition & 1 deletion test/buffer.tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@ describe('buffer payload', function () {
it('should work', function () {
var payload = new Buffer('TkJyotZe8NFpgdfnmgINqg==', 'base64');
var token = jwt.sign(payload, "signing key");
assert.equal(jwt.decode(token), payload.toString());
assert.equal(jwt.unsafe_decode(token), payload.toString());
});
});
6 changes: 3 additions & 3 deletions test/claim-exp.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -234,7 +234,7 @@ describe('expires', function() {
// TODO an exp of -Infinity should fail validation
it('should set null "exp" when given -Infinity', function (done) {
signWithExpiresIn(undefined, {exp: -Infinity}, (err, token) => {
const decoded = jwt.decode(token);
const decoded = jwt.unsafe_decode(token);
testUtils.asyncCheck(done, () => {
expect(err).to.be.null;
expect(decoded).to.have.property('exp', null);
Expand All @@ -245,7 +245,7 @@ describe('expires', function() {
// TODO an exp of Infinity should fail validation
it('should set null "exp" when given value Infinity', function (done) {
signWithExpiresIn(undefined, {exp: Infinity}, (err, token) => {
const decoded = jwt.decode(token);
const decoded = jwt.unsafe_decode(token);
testUtils.asyncCheck(done, () => {
expect(err).to.be.null;
expect(decoded).to.have.property('exp', null);
Expand All @@ -256,7 +256,7 @@ describe('expires', function() {
// TODO an exp of NaN should fail validation
it('should set null "exp" when given value NaN', function (done) {
signWithExpiresIn(undefined, {exp: NaN}, (err, token) => {
const decoded = jwt.decode(token);
const decoded = jwt.unsafe_decode(token);
testUtils.asyncCheck(done, () => {
expect(err).to.be.null;
expect(decoded).to.have.property('exp', null);
Expand Down
6 changes: 3 additions & 3 deletions test/claim-iat.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ describe('issue at', function() {
signWithIssueAt(testCase.iat, testCase.options, (err, token) => {
testUtils.asyncCheck(done, () => {
expect(err).to.be.null;
expect(jwt.decode(token).iat).to.equal(testCase.expectedIssueAt);
expect(jwt.unsafe_decode(token).iat).to.equal(testCase.expectedIssueAt);
});
});
});
Expand Down Expand Up @@ -253,7 +253,7 @@ describe('issue at', function() {
const payload = 'string payload';
const options = {algorithm: 'HS256'};
testUtils.signJWTHelper(payload, 'secret', options, (err, token) => {
const decoded = jwt.decode(token);
const decoded = jwt.unsafe_decode(token);
testUtils.asyncCheck(done, () => {
expect(err).to.be.null;
expect(decoded).to.equal(payload);
Expand All @@ -265,7 +265,7 @@ describe('issue at', function() {
const payload = '{}';
const options = {algorithm: 'HS256', header: {typ: 'JWT'}};
testUtils.signJWTHelper(payload, 'secret', options, (err, token) => {
const decoded = jwt.decode(token);
const decoded = jwt.unsafe_decode(token);
testUtils.asyncCheck(done, () => {
expect(err).to.equal(null);
expect(JSON.stringify(decoded)).to.equal(payload);
Expand Down
6 changes: 3 additions & 3 deletions test/claim-nbf.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ describe('not before', function() {
// TODO an nbf of -Infinity should fail validation
it('should set null "nbf" when given -Infinity', function (done) {
signWithNotBefore(undefined, {nbf: -Infinity}, (err, token) => {
const decoded = jwt.decode(token);
const decoded = jwt.unsafe_decode(token);
testUtils.asyncCheck(done, () => {
expect(err).to.be.null;
expect(decoded).to.have.property('nbf', null);
Expand All @@ -242,7 +242,7 @@ describe('not before', function() {
// TODO an nbf of Infinity should fail validation
it('should set null "nbf" when given value Infinity', function (done) {
signWithNotBefore(undefined, {nbf: Infinity}, (err, token) => {
const decoded = jwt.decode(token);
const decoded = jwt.unsafe_decode(token);
testUtils.asyncCheck(done, () => {
expect(err).to.be.null;
expect(decoded).to.have.property('nbf', null);
Expand All @@ -253,7 +253,7 @@ describe('not before', function() {
// TODO an nbf of NaN should fail validation
it('should set null "nbf" when given value NaN', function (done) {
signWithNotBefore(undefined, {nbf: NaN}, (err, token) => {
const decoded = jwt.decode(token);
const decoded = jwt.unsafe_decode(token);
testUtils.asyncCheck(done, () => {
expect(err).to.be.null;
expect(decoded).to.have.property('nbf', null);
Expand Down
2 changes: 1 addition & 1 deletion test/decoding.tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ var expect = require('chai').expect;
describe('decoding', function() {

it('should not crash when decoding a null token', function () {
var decoded = jwt.decode("null");
var decoded = jwt.unsafe_decode("null");
expect(decoded).to.equal(null);
});

Expand Down
8 changes: 4 additions & 4 deletions test/header-kid.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ describe('keyid', function() {
it('should not add "kid" header when "keyid" option not provided', function(done) {
signWithKeyId(undefined, {}, (err, token) => {
testUtils.asyncCheck(done, () => {
const decoded = jwt.decode(token, {complete: true});
const decoded = jwt.unsafe_decode(token, {complete: true});
expect(err).to.be.null;
expect(decoded.header).to.not.have.property('kid');
});
Expand All @@ -67,7 +67,7 @@ describe('keyid', function() {
it('should add "kid" header when "keyid" option is provided and an object payload', function(done) {
signWithKeyId('foo', {}, (err, token) => {
testUtils.asyncCheck(done, () => {
const decoded = jwt.decode(token, {complete: true});
const decoded = jwt.unsafe_decode(token, {complete: true});
expect(err).to.be.null;
expect(decoded.header).to.have.property('kid', 'foo');
});
Expand All @@ -77,7 +77,7 @@ describe('keyid', function() {
it('should add "kid" header when "keyid" option is provided and a Buffer payload', function(done) {
signWithKeyId('foo', new Buffer('a Buffer payload'), (err, token) => {
testUtils.asyncCheck(done, () => {
const decoded = jwt.decode(token, {complete: true});
const decoded = jwt.unsafe_decode(token, {complete: true});
expect(err).to.be.null;
expect(decoded.header).to.have.property('kid', 'foo');
});
Expand All @@ -87,7 +87,7 @@ describe('keyid', function() {
it('should add "kid" header when "keyid" option is provided and a string payload', function(done) {
signWithKeyId('foo', 'a string payload', (err, token) => {
testUtils.asyncCheck(done, () => {
const decoded = jwt.decode(token, {complete: true});
const decoded = jwt.unsafe_decode(token, {complete: true});
expect(err).to.be.null;
expect(decoded.header).to.have.property('kid', 'foo');
});
Expand Down
6 changes: 3 additions & 3 deletions test/jwt.asymmetric_signing.tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,7 @@ describe('Asymmetric Algorithms', function() {

describe('when decoding a invalid jwt token', function () {
it('should return null', function (done) {
const payload = jwt.decode('whatever.token');
const payload = jwt.unsafe_decode('whatever.token');
assert.isNull(payload);
done();
});
Expand All @@ -155,14 +155,14 @@ describe('Asymmetric Algorithms', function() {
it('should return the payload', function (done) {
const obj = { foo: 'bar' };
const token = jwt.sign(obj, priv, { algorithm: algorithm });
const payload = jwt.decode(token);
const payload = jwt.unsafe_decode(token);
assert.equal(payload.foo, obj.foo);
done();
});
it('should return the header and payload and signature if complete option is set', function (done) {
const obj = { foo: 'bar' };
const token = jwt.sign(obj, priv, { algorithm: algorithm });
const decoded = jwt.decode(token, { complete: true });
const decoded = jwt.unsafe_decode(token, { complete: true });
assert.equal(decoded.payload.foo, obj.foo);
assert.deepEqual(decoded.header, { typ: 'JWT', alg: algorithm });
assert.ok(typeof decoded.signature == 'string');
Expand Down
2 changes: 1 addition & 1 deletion test/option-complete.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ describe('complete option', function () {
const header = { alg: 'RS256' };
const payload = { iat: Math.floor(Date.now() / 1000 ) };
const signed = jws.sign({ header, payload, secret, encoding: 'utf8' });
const signature = jws.decode(signed).signature;
const signature = jws.unsafe_decode(signed).signature;

[
{
Expand Down
4 changes: 2 additions & 2 deletions test/set_headers.tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@ describe('set header', function() {

it('should add the header', function () {
var token = jwt.sign({foo: 123}, '123', { header: { foo: 'bar' } });
var decoded = jwt.decode(token, {complete: true});
var decoded = jwt.unsafe_decode(token, {complete: true});
expect(decoded.header.foo).to.equal('bar');
});

it('should allow overriding header', function () {
var token = jwt.sign({foo: 123}, '123', { header: { alg: 'HS512' } });
var decoded = jwt.decode(token, {complete: true});
var decoded = jwt.unsafe_decode(token, {complete: true});
expect(decoded.header.alg).to.equal('HS512');
});

Expand Down
2 changes: 1 addition & 1 deletion verify.js
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
let decodedToken;

try {
decodedToken = decode(jwtString, { complete: true });
decodedToken = unsafe_decode(jwtString, { complete: true });
} catch(err) {
return done(err);
}
Expand Down

0 comments on commit 60fa6b8

Please sign in to comment.