Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Binary payload is ruined by toString() #50

Closed
sandersaares opened this issue Jun 13, 2016 · 3 comments
Closed

Binary payload is ruined by toString() #50

sandersaares opened this issue Jun 13, 2016 · 3 comments
Labels
bug

Comments

@sandersaares
Copy link

sandersaares commented Jun 13, 2016
edited
Loading

Despite ostensibly supporting a binary payload, the bytes of the payload are mangled by including a toString() call before encoding the payload (sign-stream.js:12).

var encodedPayload = base64url(toString(payload), encoding);

A Buffer is binary data - it is not supposed to be transformed into a string, as strings are not capable of containing arbitrary binary data. Right now, this defect mangles bytes outside some safe range (ASCII?).

Example code:

let jws = require("jws");
let payload = Buffer.from("TkJyotZe8NFpgdfnmgINqg==", "base64");
let secret = Buffer.from("8NRxgIkVxP8LyyXSL4b1dg==", "base64");

console.log(payload);

let token = jws.sign({
    "header": {
        "alg": "HS256"
    },
    "payload": payload,
    "secret": secret
});

console.log(token);

Expected result:

eyJhbGciOiJIUzI1NiJ9.TkJyotZe8NFpgdfnmgINqg.9XilaLN_sXqWFtlUCdAlGI85PCEbJZSIQpakyAle-vo

Actual result:

eyJhbGciOiJIUzI1NiJ9.TkJy_f1e_f1p_f39_QIN_Q.plu4DeDn9-SUCZvoneyACF3PXMc3F7wvb4P5gGKZagQ
@omsmith omsmith added the bug label Jun 13, 2016
@omsmith
Copy link
Collaborator

omsmith commented Jun 13, 2016

Care to test omsmith@f42ed46?

@sandersaares
Copy link
Author

Looks good, thanks for fast action!

@omsmith
Copy link
Collaborator

omsmith commented Jun 16, 2016

Should be able to follow up with actual integration tonight/tomorrow.

omsmith added a commit to omsmith/node-jws that referenced this issue Jun 30, 2016
@omsmith
sign: dont convert input buffers to utf8 strings
59bb374 
binary payloads would get mangled due to the unnecessary string
conversion, which should go the other way around

Fixes: auth0#50
@omsmith omsmith mentioned this issue Jun 30, 2016
Merged
omsmith added a commit to omsmith/node-jws that referenced this issue Jul 21, 2017
@omsmith
sign: dont convert input buffers to utf8 strings
3c9718d 
binary payloads would get mangled due to the unnecessary string
conversion, which should go the other way around

Fixes: auth0#50
@MartinRamm MartinRamm mentioned this issue Oct 6, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@omsmith @sandersaares