From a84c57ed294f1dd5bcc4759b38748f1f2e2bd95a Mon Sep 17 00:00:00 2001
From: Andrew Nester
Date: Wed, 10 Oct 2018 12:02:50 +0000
Subject: [PATCH] Fixed #500: -Infinity, Infinity and NaN should fail validation
---
 sign.js | 10 +++++++---
 test/claim-exp.test.js | 36 +++---------------------------------
 test/claim-iat.test.js | 24 +++---------------------
 test/claim-nbf.test.js | 36 +++---------------------------------
 4 files changed, 16 insertions(+), 90 deletions(-)
diff --git a/sign.js b/sign.js
index c608f4d..fbf5508 100644
--- a/sign.js
+++ b/sign.js
@@ -23,10 +23,14 @@ var sign_options_schema = {
 mutatePayload: { isValid: isBoolean, message: '"mutatePayload" must be a boolean' }
 };
+var isValidNumber = function(value) {
+ return isNumber(value) && isFinite(value) && !isNaN(value);
+};
+
 var registered_claims_schema = {
- iat: { isValid: isNumber, message: '"iat" should be a number of seconds' },
- exp: { isValid: isNumber, message: '"exp" should be a number of seconds' },
- nbf: { isValid: isNumber, message: '"nbf" should be a number of seconds' }
+ iat: { isValid: isValidNumber , message: '"iat" should be a number of seconds' },
+ exp: { isValid: isValidNumber, message: '"exp" should be a number of seconds' },
+ nbf: { isValid: isValidNumber, message: '"nbf" should be a number of seconds' }
 };
 function validate(schema, allowUnknown, object, parameterName) {
diff --git a/test/claim-exp.test.js b/test/claim-exp.test.js
index 816d12e..ea2eed3 100644
--- a/test/claim-exp.test.js
+++ b/test/claim-exp.test.js
@@ -113,6 +113,9 @@ describe('expires', function() {
 ['foo'],
 {},
 {foo: 'bar'},
+ -Infinity,
+ Infinity,
+ NaN,
 ].forEach((exp) => {
 it(`should error with with value ${util.inspect(exp)}`, function (done) {
 signWithExpiresIn(undefined, {exp}, (err) => {
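Review bot: In `isValidNumber` (sign.js hunk) the `!isNaN(value)` term is redundant, because `isFinite(NaN)` is already false; `return isNumber(value) && isFinite(value);` accepts and rejects exactly the same values. The helper should also carry a comment saying why non-finite values are refused, since the tests removed by this patch show that a non-finite `exp` or `nbf` used to be signed into the token as `null`: for example `// NaN and ±Infinity serialise to null in JSON, so reject them before a token is signed with a null time claim`. This schema covers only `iat`, `exp` and `nbf` supplied in the payload; whether numeric `expiresIn` and `notBefore` options get the same finiteness check is not visible in this hunk and is worth confirming. The new `iat` entry also has a stray space before the comma (`isValidNumber , message`).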
@@ -241,39 +244,6 @@ describe('expires', function() {
 });
 });
- // TODO an exp of -Infinity should fail validation
- it('should set null "exp" when given -Infinity', function (done) {
- signWithExpiresIn(undefined, {exp: -Infinity}, (err, token) => {
- const decoded = jwt.decode(token);
- testUtils.asyncCheck(done, () => {
- expect(err).to.be.null;
- expect(decoded).to.have.property('exp', null);
- });
- });
- });
-
- // TODO an exp of Infinity should fail validation
- it('should set null "exp" when given value Infinity', function (done) {
- signWithExpiresIn(undefined, {exp: Infinity}, (err, token) => {
- const decoded = jwt.decode(token);
- testUtils.asyncCheck(done, () => {
- expect(err).to.be.null;
- expect(decoded).to.have.property('exp', null);
- });
- });
- });
-
- // TODO an exp of NaN should fail validation
- it('should set null "exp" when given value NaN', function (done) {
- signWithExpiresIn(undefined, {exp: NaN}, (err, token) => {
- const decoded = jwt.decode(token);
- testUtils.asyncCheck(done, () => {
- expect(err).to.be.null;
- expect(decoded).to.have.property('exp', null);
- });
- });
- });
-
 it('should set correct "exp" when "iat" is passed', function (done) {
 signWithExpiresIn(-10, {iat: 80}, (e1, token) => {
 testUtils.verifyJWTHelper(token, undefined, {}, (e2, decoded) => {
diff --git a/test/claim-iat.test.js b/test/claim-iat.test.js
index a1c63ba..1534be4 100644
--- a/test/claim-iat.test.js
+++ b/test/claim-iat.test.js
@@ -37,6 +37,9 @@ describe('issue at', function() {
 ['foo'],
 {},
 {foo: 'bar'},
+ -Infinity,
+ Infinity,
+ NaN,
 ].forEach((iat) => {
 it(`should error with iat of ${util.inspect(iat)}`, function (done) {
 signWithIssueAt(iat, {}, (err) => {
@@ -111,27 +114,6 @@ describe('issue at', function() {
 expectedIssueAt: 100,
 options: {}
 },
- // TODO an iat of -Infinity should fail validation
- {
- description: 'should set null "iat" when given -Infinity',
- iat: -Infinity,
- expectedIssueAt: null,
- options: {}
- },
- // TODO an iat of Infinity should fail validation
- {
- description: 'should set null "iat" when given Infinity',
- iat: Infinity,
- expectedIssueAt: null,
- options: {}
- },
- // TODO an iat of NaN should fail validation
- {
- description: 'should set to current time for "iat" when given value NaN',
- iat: NaN,
- expectedIssueAt: 60,
- options: {}
- },
 {
 description: 'should remove default "iat" with "noTimestamp" option',
 iat: undefined,
diff --git a/test/claim-nbf.test.js b/test/claim-nbf.test.js
index f36396c..5127203 100644
--- a/test/claim-nbf.test.js
+++ b/test/claim-nbf.test.js
@@ -113,6 +113,9 @@ describe('not before', function() {
 ['foo'],
 {},
 {foo: 'bar'},
+ -Infinity,
+ Infinity,
+ NaN,
 ].forEach((nbf) => {
 it(`should error with with value ${util.inspect(nbf)}`, function (done) {
 signWithNotBefore(undefined, {nbf}, (err) => {
@@ -238,39 +241,6 @@ describe('not before', function() {
 });
 });
- // TODO an nbf of -Infinity should fail validation
- it('should set null "nbf" when given -Infinity', function (done) {
- signWithNotBefore(undefined, {nbf: -Infinity}, (err, token) => {
- const decoded = jwt.decode(token);
- testUtils.asyncCheck(done, () => {
- expect(err).to.be.null;
- expect(decoded).to.have.property('nbf', null);
- });
- });
- });
-
- // TODO an nbf of Infinity should fail validation
- it('should set null "nbf" when given value Infinity', function (done) {
- signWithNotBefore(undefined, {nbf: Infinity}, (err, token) => {
- const decoded = jwt.decode(token);
- testUtils.asyncCheck(done, () => {
- expect(err).to.be.null;
- expect(decoded).to.have.property('nbf', null);
- });
- });
- });
-
- // TODO an nbf of NaN should fail validation
- it('should set null "nbf" when given value NaN', function (done) {
- signWithNotBefore(undefined, {nbf: NaN}, (err, token) => {
- const decoded = jwt.decode(token);
- testUtils.asyncCheck(done, () => {
- expect(err).to.be.null;
- expect(decoded).to.have.property('nbf', null);
- });
- });
- });
-
 it('should set correct "nbf" when "iat" is passed', function (done) {
 signWithNotBefore(-10, {iat: 40}, (e1, token) => {
 testUtils.verifyJWTHelper(token, undefined, {}, (e2, decoded) => {