From 3e0525ee9e92801d079a143da9e2f23ab015cca6 Mon Sep 17 00:00:00 2001 From: mt3571 Date: Tue, 1 Dec 2020 13:38:01 +0000 Subject: [PATCH 1/3] Added in a new file to store the list of JWT algorithms that can be used, as this error was occurring due to a mismatch between what you could sign and what you could verify --- src/core/lib/JWT.mjs | 24 ++++++++++++++++++++++++ src/core/operations/JWTSign.mjs | 16 ++++------------ src/core/operations/JWTVerify.mjs | 11 +++++------ 3 files changed, 33 insertions(+), 18 deletions(-) create mode 100644 src/core/lib/JWT.mjs diff --git a/src/core/lib/JWT.mjs b/src/core/lib/JWT.mjs new file mode 100644 index 00000000..6164803a --- /dev/null +++ b/src/core/lib/JWT.mjs @@ -0,0 +1,24 @@ +/** + * DateTime resources. + * + * @author mt3571 [mt3571@protonmail.com] + * @copyright Crown Copyright 2020 + * @license Apache-2.0 + */ + + +/** + * List of the JWT algorithms that can be used + */ +export const JWT_ALGORITHMS = [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "ES512", + "None" +]; \ No newline at end of file diff --git a/src/core/operations/JWTSign.mjs b/src/core/operations/JWTSign.mjs index d62eb6f6..1d220cf8 100644 --- a/src/core/operations/JWTSign.mjs +++ b/src/core/operations/JWTSign.mjs @@ -8,6 +8,9 @@ import Operation from "../Operation.mjs"; import jwt from "jsonwebtoken"; import OperationError from "../errors/OperationError.mjs"; +import {JWT_ALGORITHMS} from "../lib/JWT.mjs"; + + /** * JWT Sign operation */ @@ -34,18 +37,7 @@ class JWTSign extends Operation { { name: "Signing algorithm", type: "option", - value: [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512", - "ES256", - "ES384", - "ES512", - "None" - ] + value: JWT_ALGORITHMS } ]; } diff --git a/src/core/operations/JWTVerify.mjs b/src/core/operations/JWTVerify.mjs index 996ac2e3..9ee90a4a 100644 --- a/src/core/operations/JWTVerify.mjs +++ b/src/core/operations/JWTVerify.mjs 
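Review bot: The last entry of `JWT_ALGORITHMS` in the new `src/core/lib/JWT.mjs` is spelled `"None"`, while the verify list this series removes used `"none"`, which is the registered `alg` header value. Once the array is handed to `jwt.verify` as an allowlist, the capitalised form probably no longer matches a token header, so the shared constant carries a silent behaviour change for unsigned tokens. The doc comment should state which role the list plays, for example `List of JWT algorithm names offered by the JWT Sign option; "None" is presumably a display label for the header value "none".` If verification needs a list of its own, a second export holding only what a given key type may use would keep the signing menu and the verification allowlist apart.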
@@ -8,6 +8,9 @@ import Operation from "../Operation.mjs"; import jwt from "jsonwebtoken"; import OperationError from "../errors/OperationError.mjs"; + +import {JWT_ALGORITHMS} from "../lib/JWT.mjs"; + /** * JWT Verify operation */ @@ -43,12 +46,8 @@ class JWTVerify extends Operation { const [key] = args; try { - const verified = jwt.verify(input, key, { algorithms: [ - "HS256", - "HS384", - "HS512", - "none" - ]}); + const verified = jwt.verify(input, key, { algorithms: JWT_ALGORITHMS}); + if (Object.prototype.hasOwnProperty.call(verified, "name") && verified.name === "JsonWebTokenError") { throw new OperationError(verified.message); From 887ea0cf0625f9f954e5ddd19dc71047c08b2105 Mon Sep 17 00:00:00 2001 From: mt3571 Date: Tue, 1 Dec 2020 13:49:34 +0000 Subject: [PATCH 2/3] Changed an incorrect name --- src/core/lib/JWT.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/lib/JWT.mjs b/src/core/lib/JWT.mjs index 6164803a..2edd0110 100644 --- a/src/core/lib/JWT.mjs +++ b/src/core/lib/JWT.mjs @@ -1,5 +1,5 @@ /** - * DateTime resources. + * JWT resources * * @author mt3571 [mt3571@protonmail.com] * @copyright Crown Copyright 2020 From 9fdd55c5c67f197712a681625d2278e36c510d3c Mon Sep 17 00:00:00 2001 From: n1474335 Date: Tue, 9 Feb 2021 14:14:59 +0000 Subject: [PATCH 3/3] Tidied up JWT ops --- src/core/lib/JWT.mjs | 2 +- src/core/operations/JWTSign.mjs | 2 -- src/core/operations/JWTVerify.mjs | 7 ++----- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/src/core/lib/JWT.mjs b/src/core/lib/JWT.mjs index 2edd0110..fee7fec5 100644 --- a/src/core/lib/JWT.mjs +++ b/src/core/lib/JWT.mjs @@ -21,4 +21,4 @@ export const JWT_ALGORITHMS = [ "ES384", "ES512", "None" -]; \ No newline at end of file +]; diff --git a/src/core/operations/JWTSign.mjs b/src/core/operations/JWTSign.mjs index 1d220cf8..af46908e 100644 --- a/src/core/operations/JWTSign.mjs +++ b/src/core/operations/JWTSign.mjs 
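Review bot: The allowlist passed to `jwt.verify` in the `@@ -43,12 +46,8 @@` hunk now mixes HMAC, RSA and ECDSA names, so the token header rather than the supplied key decides which family is used. Depending on the `jsonwebtoken` version in use, a token that declares an `HS*` algorithm may then be checked with PEM public-key text as the HMAC secret and reported as verified. The list should be narrowed to the family that matches `key` before the call, as sketched below (assuming `key` is a string); this also means unsigned tokens are rejected unless they are handled explicitly. The same call survives unchanged apart from spacing in the `@@ -46,8 +44,7 @@` hunk of patch 3/3, and the enclosing method starts and ends outside this hunk.

```javascript
const [key] = args;
// A PEM-encoded key is only checked with the asymmetric families;
// anything else is treated as an HMAC shared secret.
const isPemKey = /-----BEGIN [A-Z ]*(PUBLIC KEY|CERTIFICATE)-----/.test(key);
const familyPattern = isPemKey ? /^(RS|ES)\d+$/ : /^HS\d+$/;
const algorithms = JWT_ALGORITHMS.filter((alg) => familyPattern.test(alg));

try {
    const verified = jwt.verify(input, key, { algorithms });
    // … unchanged: JsonWebTokenError check …
```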
@@ -3,11 +3,9 @@ * @copyright Crown Copyright 2018 * @license Apache-2.0 */ - import Operation from "../Operation.mjs"; import jwt from "jsonwebtoken"; import OperationError from "../errors/OperationError.mjs"; - import {JWT_ALGORITHMS} from "../lib/JWT.mjs"; diff --git a/src/core/operations/JWTVerify.mjs b/src/core/operations/JWTVerify.mjs index 9ee90a4a..6d334f5b 100644 --- a/src/core/operations/JWTVerify.mjs +++ b/src/core/operations/JWTVerify.mjs @@ -3,14 +3,12 @@ * @copyright Crown Copyright 2018 * @license Apache-2.0 */ - import Operation from "../Operation.mjs"; import jwt from "jsonwebtoken"; import OperationError from "../errors/OperationError.mjs"; - - import {JWT_ALGORITHMS} from "../lib/JWT.mjs"; + /** * JWT Verify operation */ @@ -46,8 +44,7 @@ class JWTVerify extends Operation { const [key] = args; try { - const verified = jwt.verify(input, key, { algorithms: JWT_ALGORITHMS}); - + const verified = jwt.verify(input, key, { algorithms: JWT_ALGORITHMS }); if (Object.prototype.hasOwnProperty.call(verified, "name") && verified.name === "JsonWebTokenError") { throw new OperationError(verified.message);