fix issue with unhandled thrown jwt error

stormpath · Feb 5, 2016 · 78766ed · 78766ed
1 parent 804c509
commit 78766ed
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 31 deletions.
diff --git a/lib/jwt/jwt-authenticator.js b/lib/jwt/jwt-authenticator.js
@@ -36,39 +36,43 @@ JwtAuthenticator.prototype.authenticate = function authenticate(token,cb){
 
   var secret = self.application.dataStore.requestExecutor.options.client.apiKey.secret;
 
-  njwt.verify(token,secret,function(err,jwt){
-    if(err){
-      err.statusCode = 401;
-      cb(err);
-    }else{
-      if(self.localValidation){
-        cb(null, new JwtAuthenticationResult(self.application,{
-          jwt: token,
-          expandedJwt: jwt,
-          localValidation: true,
-          account: {
-            href: jwt.body.sub
-          }
-        }));
-      }else if(jwt.header.kid){
-        // If the KID exists, this was issued by our API
-        var href = self.application.href + '/authTokens/' + token;
-        self.application.dataStore.getResource(href,function(err,response){
-          if(err){
-            cb(err);
-          }else{
-            cb(null, new JwtAuthenticationResult(self.application,response));
-          }
-        });
+  try {
+    njwt.verify(token,secret,function(err,jwt){
+      if(err){
+        err.statusCode = 401;
+        cb(err);
       }else{
+        if(self.localValidation){
+          cb(null, new JwtAuthenticationResult(self.application,{
+            jwt: token,
+            expandedJwt: jwt,
+            localValidation: true,
+            account: {
+              href: jwt.body.sub
+            }
+          }));
+        }else if(jwt.header.kid){
+          // If the KID exists, this was issued by our API
+          var href = self.application.href + '/authTokens/' + token;
+          self.application.dataStore.getResource(href,function(err,response){
+            if(err){
+              cb(err);
+            }else{
+              cb(null, new JwtAuthenticationResult(self.application,response));
+            }
+          });
+        }else{
 
-        // If there is no KID, this means it was
-        // issued by the SDK (not the API) so we have
-        // to do remote validation in a different way
-        throw new Error('not yet implemented - please use application.authenticateApiRequest() instead');
+          // If there is no KID, this means it was
+          // issued by the SDK (not the API) so we have
+          // to do remote validation in a different way
+          throw new Error('not yet implemented - please use application.authenticateApiRequest() instead');
+        }
       }
-    }
-  });
+    });
+  } catch (err) {
+    cb(err);
+  }
 
   return this;
 };

diff --git a/lib/oauth/refresh-grant.js b/lib/oauth/refresh-grant.js
@@ -37,7 +37,11 @@ OAuthRefreshTokenGrantAuthenticator.prototype.authenticate = function authentica
       if(err){
         return callback(err);
       }
-      callback(null,new OAuthRefreshTokenGrantAuthenticationResult(application,data));
+      try {
+        callback(null,new OAuthRefreshTokenGrantAuthenticationResult(application,data));
+      } catch (err) {
+        callback(err);
+      }
     });
   }
 };