Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jwt.verify fails to throw error for expired tokens #370

Closed
Teebo opened this issue Jul 13, 2017 · 5 comments
Closed

jwt.verify fails to throw error for expired tokens #370

Teebo opened this issue Jul 13, 2017 · 5 comments

Comments

@Teebo
Copy link

Teebo commented Jul 13, 2017

I am creating a jwt like this:
return jwt.sign({ some_key: some_value }, Authentication.secret, { expiresIn: '1s'});

And verifying it like:

jwt.verify(token, Authentication.secret, (err, result) => { if (err) { return res.status(400).send('Failed'); } return next(); }); }

When I log the decoded results, I can see something like:

iat: 1499970792, exp: 1499970793

which looks fine I suppose, I have checked whether the token I am sending to the client is the same as the one I am verifying, all looks good..but the middleware proceeds with next(), am I missing something here?
@z2oh
Copy link

z2oh commented Jul 19, 2017

I used the following line:

jwt.verify(token, secret, (err, result) => { return res.status(200).send({ err: err, result: result, }); });

on an expired token and got this result:

{
    "err": {
        "name": "TokenExpiredError",
        "message": "jwt expired",
        "expiredAt": "2017-07-19T17:08:44.000Z"
    }
}

On a non-expired token, I got this result:

{
    "err": null,
    "result": {
        "data": "data",
        "iat": 1500484656,
        "exp": 1500916656
    }
}

which is the expected result. Maybe try logging your err object and seeing what's happening? Perhaps the next() is being called later in your code?

@Teebo
Copy link
Author

Teebo commented Jul 21, 2017
edited
Loading

I am using the next() ... snap! this is how it looks like

return jwt.verify(token, Authentication.secret, (err, result) => { if (err) { console.log("Auth error", err); return res.status(400).send('Failed on second middleware'); } return next(); });

I guess putting the next() in an else wouldn't cut it?

@Teebo Teebo closed this as completed Jul 21, 2017
@Teebo Teebo reopened this Jul 21, 2017
@z2oh
Copy link

z2oh commented Jul 21, 2017

If wrapping the call to next() in an else works then it is a fine solution, but I would imagine that the return statement should stop execution. Maybe there is something I'm missing, however? Give the else a try and see if that fixes it for you.

@Teebo
Copy link
Author

Teebo commented Jul 22, 2017

@z2oh the return was not needed, thanks

@Teebo Teebo closed this as completed Jul 22, 2017
@khangahs
Copy link

khangahs commented Sep 25, 2022
edited
Loading

I hope this help someone. If you use try catch method, you need to put next() in the try. Ex:
try { jwt.verify(token, "your secret", (err, decode) => { if (err) { return res.status(401).json({error: err.message}); } req.user = decode; return next(); // !important, you need this here to run. }); } catch (err) { return res.status(500).send({ message: err.message }); }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@z2oh @Teebo @khangahs