null token is considered expired

neekware · May 21, 2018 · 78d5dfa · 78d5dfa
1 parent 58fea08
commit 78d5dfa
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.0.2
+
+Bugfix:
+
+  - Empty or invalid token is considered expired
+
 ## 1.0.1
 
 Enhancements:

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@nwx/jwt",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/neekware/nwx-jwt.git"

diff --git a/pkgs/jwt/src/jwt.service.ts b/pkgs/jwt/src/jwt.service.ts
@@ -40,18 +40,26 @@ export class JwtService {
    * @returns a payload object or null if decode fails
    */
   getPayload(token: string): any {
-    const parts = token.split('.');
-    if (parts.length !== 3) {
-      this.log.error('JWT must have 3 parts');
-    } else {
-      try {
-        const decoded = Base64.decode(parts[1]);
-        const payload = JSON.parse(decoded);
-        return payload;
-      } catch (e) {
-        this.log.error('Cannot decode the token');
+    let parts = [];
+
+    try {
+      parts = token.split('.');
+      if (parts.length !== 3) {
+        throw Error('JWT must have 3 parts');
       }
+    } catch (e) {
+      this.log.error(e.message);
+      return null;
+    }
+
+    try {
+      const decoded = Base64.decode(parts[1]);
+      const payload = JSON.parse(decoded);
+      return payload;
+    } catch (e) {
+      this.log.error('Cannot decode the token');
     }
+
     return null;
   }
 
@@ -71,7 +79,7 @@ export class JwtService {
       const expired = now > expiry + offset;
       return expired;
     }
-    return false;
+    return true;
   }
 
   /**

diff --git a/pkgs/jwt/tst/jwt.service.spec.ts b/pkgs/jwt/tst/jwt.service.spec.ts
@@ -84,6 +84,26 @@ describe('JwtService', () => {
     })
   );
 
+  it(
+    'should verify expiry on a null token',
+    inject([JwtService], (service: JwtService) => {
+      const token = null;
+      const payload = service.getPayload(token);
+      const isExpired = service.isExpired(payload);
+      expect(isExpired).toBe(true);
+    })
+  );
+
+  it(
+    'should verify expiry on a token with missing parts',
+    inject([JwtService], (service: JwtService) => {
+      const token = 'part1.part2';
+      const payload = service.getPayload(token);
+      const isExpired = service.isExpired(payload);
+      expect(isExpired).toBe(true);
+    })
+  );
+
   it(
     'should verify refresh time on a valid token',
     inject([JwtService], (service: JwtService) => {