fix: Throw NotAuthenticated on token verification errors (#1357)

feathersjs · May 15, 2019 · e0120df · e0120df
1 parent f439a9e
commit e0120df
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 5 deletions.
diff --git a/packages/authentication/src/core.ts b/packages/authentication/src/core.ts
@@ -149,7 +149,7 @@ export class AuthenticationBase {
    * @param optsOverride The options to extend the defaults (`configuration.jwtOptions`) with
    * @param secretOverride Use a different secret instead
    */
-  createAccessToken (payload: string | Buffer | object, optsOverride?: SignOptions, secretOverride?: Secret) {
+  async createAccessToken (payload: string | Buffer | object, optsOverride?: SignOptions, secretOverride?: Secret) {
     const { secret, jwtOptions } = this.configuration;
     // Use configuration by default but allow overriding the secret
     const jwtSecret = secretOverride || secret;
@@ -171,7 +171,7 @@ export class AuthenticationBase {
    * @param optsOverride The options to extend the defaults (`configuration.jwtOptions`) with
    * @param secretOverride Use a different secret instead
    */
-  verifyAccessToken (accessToken: string, optsOverride?: JwtVerifyOptions, secretOverride?: Secret) {
+  async verifyAccessToken (accessToken: string, optsOverride?: JwtVerifyOptions, secretOverride?: Secret) {
     const { secret, jwtOptions } = this.configuration;
     const jwtSecret = secretOverride || secret;
     const options = merge({}, jwtOptions, optsOverride);
@@ -183,8 +183,14 @@ export class AuthenticationBase {
       delete options.algorithm;
     }
 
-    // @ts-ignore
-    return verifyJWT(accessToken, jwtSecret, options);
+    try {
+      // @ts-ignore
+      const isValid = await verifyJWT(accessToken, jwtSecret, options);
+
+      return isValid;
+    } catch (error) {
+      throw new NotAuthenticated(error.message, error);
+    }
   }
 
   /**

diff --git a/packages/authentication/test/core.test.ts b/packages/authentication/test/core.test.ts
@@ -365,6 +365,7 @@ describe('authentication/core', () => {
 
           assert.fail('Should never get here');
         } catch (error) {
+          assert.strictEqual(error.name, 'NotAuthenticated');
           assert.ok(/jwt issuer invalid/.test(error.message));
         }
       });
@@ -374,7 +375,10 @@ describe('authentication/core', () => {
           await auth.verifyAccessToken(expiredToken);
           assert.fail('Should never get here');
         } catch (error) {
+          assert.strictEqual(error.name, 'NotAuthenticated');
           assert.strictEqual(error.message, 'jwt expired');
+          assert.strictEqual(error.data.name, 'TokenExpiredError');
+          assert.ok(error.data.expiredAt);
         }
       });
     });

diff --git a/packages/transport-commons/test/socket/index.test.ts b/packages/transport-commons/test/socket/index.test.ts
@@ -138,7 +138,7 @@ describe('@feathersjs/transport-commons', () => {
         }
       });
     });
-    
+
     it('.get without params', done => {
       const socket = new EventEmitter();
-Original file line number
+Diff line change
@@ Expand Up / @@ -138,7 +138,7 @@ describe('@feathersjs/transport-commons', () => { @@
             }
           });
         });
         it('.get without params', done => {
           const socket = new EventEmitter();
@@ Expand Down @@