fix issue with unhandled thrown jwt error

stormpath · Feb 5, 2016 · 7f15db1 · 7f15db1
1 parent 804c509
commit 7f15db1
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 35 deletions.
diff --git a/lib/jwt/jwt-authentication-result.js b/lib/jwt/jwt-authentication-result.js
@@ -28,14 +28,22 @@ function JwtAuthenticationResult(application,data) {
   var apiKey = application.dataStore.requestExecutor.options.client.apiKey;
 
   if(this.accessToken){
-    this.accessToken = nJwt.verify(this.accessToken, apiKey.secret);
-    this.account = {
-      href: this.accessToken.body.sub
-    };
+    try {
+      this.accessToken = nJwt.verify(this.accessToken, apiKey.secret);
+      this.account = {
+        href: this.accessToken.body.sub
+      };
+    } catch (err) {
+      this.error = err;
+    }
   }
 
   if(this.refreshToken){
-    this.refreshToken = nJwt.verify(this.refreshToken, apiKey.secret);
+    try {
+      this.refreshToken = nJwt.verify(this.refreshToken, apiKey.secret);
+    } catch (err) {
+      this.error = err;
+    }
   }
 }
 
@@ -46,6 +54,10 @@ JwtAuthenticationResult.prototype.jwt = null;
 JwtAuthenticationResult.prototype.expandedJwt = null;
 
 JwtAuthenticationResult.prototype.getAccount = function getAccount(callback) {
+  if (this.error) {
+    return callback(this.error);
+  }
+
   // workaround because I don't have access to a stormpath client
   this.application.dataStore.getResource(this.account.href, require('../resource/Account'), callback);
 };

diff --git a/lib/jwt/jwt-authenticator.js b/lib/jwt/jwt-authenticator.js
@@ -36,39 +36,43 @@ JwtAuthenticator.prototype.authenticate = function authenticate(token,cb){
 
   var secret = self.application.dataStore.requestExecutor.options.client.apiKey.secret;
 
-  njwt.verify(token,secret,function(err,jwt){
-    if(err){
-      err.statusCode = 401;
-      cb(err);
-    }else{
-      if(self.localValidation){
-        cb(null, new JwtAuthenticationResult(self.application,{
-          jwt: token,
-          expandedJwt: jwt,
-          localValidation: true,
-          account: {
-            href: jwt.body.sub
-          }
-        }));
-      }else if(jwt.header.kid){
-        // If the KID exists, this was issued by our API
-        var href = self.application.href + '/authTokens/' + token;
-        self.application.dataStore.getResource(href,function(err,response){
-          if(err){
-            cb(err);
-          }else{
-            cb(null, new JwtAuthenticationResult(self.application,response));
-          }
-        });
+  try {
+    njwt.verify(token,secret,function(err,jwt){
+      if(err){
+        err.statusCode = 401;
+        cb(err);
       }else{
+        if(self.localValidation){
+          cb(null, new JwtAuthenticationResult(self.application,{
+            jwt: token,
+            expandedJwt: jwt,
+            localValidation: true,
+            account: {
+              href: jwt.body.sub
+            }
+          }));
+        }else if(jwt.header.kid){
+          // If the KID exists, this was issued by our API
+          var href = self.application.href + '/authTokens/' + token;
+          self.application.dataStore.getResource(href,function(err,response){
+            if(err){
+              cb(err);
+            }else{
+              cb(null, new JwtAuthenticationResult(self.application,response));
+            }
+          });
+        }else{
 
-        // If there is no KID, this means it was
-        // issued by the SDK (not the API) so we have
-        // to do remote validation in a different way
-        throw new Error('not yet implemented - please use application.authenticateApiRequest() instead');
+          // If there is no KID, this means it was
+          // issued by the SDK (not the API) so we have
+          // to do remote validation in a different way
+          throw new Error('not yet implemented - please use application.authenticateApiRequest() instead');
+        }
       }
-    }
-  });
+    });
+  } catch (err) {
+    cb(err);
+  }
 
   return this;
 };