Merge branch 'mt3571-1073-jwt-verify'

This commit is contained in:
n1474335 2021-02-09 14:15:12 +00:00
commit 14d5069c6e
3 changed files with 30 additions and 20 deletions

24
src/core/lib/JWT.mjs Normal file
View File

@ -0,0 +1,24 @@
/**
* JWT resources
*
* @author mt3571 [mt3571@protonmail.com]
* @copyright Crown Copyright 2020
* @license Apache-2.0
*/
/**
* List of the JWT algorithms that can be used
*/
export const JWT_ALGORITHMS = [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512",
"None"
];

View File

@ -3,10 +3,11 @@
* @copyright Crown Copyright 2018 * @copyright Crown Copyright 2018
* @license Apache-2.0 * @license Apache-2.0
*/ */
import Operation from "../Operation.mjs"; import Operation from "../Operation.mjs";
import jwt from "jsonwebtoken"; import jwt from "jsonwebtoken";
import OperationError from "../errors/OperationError.mjs"; import OperationError from "../errors/OperationError.mjs";
import {JWT_ALGORITHMS} from "../lib/JWT.mjs";
/** /**
* JWT Sign operation * JWT Sign operation
@ -34,18 +35,7 @@ class JWTSign extends Operation {
{ {
name: "Signing algorithm", name: "Signing algorithm",
type: "option", type: "option",
value: [ value: JWT_ALGORITHMS
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512",
"None"
]
} }
]; ];
} }

View File

@ -3,10 +3,11 @@
* @copyright Crown Copyright 2018 * @copyright Crown Copyright 2018
* @license Apache-2.0 * @license Apache-2.0
*/ */
import Operation from "../Operation.mjs"; import Operation from "../Operation.mjs";
import jwt from "jsonwebtoken"; import jwt from "jsonwebtoken";
import OperationError from "../errors/OperationError.mjs"; import OperationError from "../errors/OperationError.mjs";
import {JWT_ALGORITHMS} from "../lib/JWT.mjs";
/** /**
* JWT Verify operation * JWT Verify operation
@ -43,12 +44,7 @@ class JWTVerify extends Operation {
const [key] = args; const [key] = args;
try { try {
const verified = jwt.verify(input, key, { algorithms: [ const verified = jwt.verify(input, key, { algorithms: JWT_ALGORITHMS });
"HS256",
"HS384",
"HS512",
"none"
]});
if (Object.prototype.hasOwnProperty.call(verified, "name") && verified.name === "JsonWebTokenError") { if (Object.prototype.hasOwnProperty.call(verified, "name") && verified.name === "JsonWebTokenError") {
throw new OperationError(verified.message); throw new OperationError(verified.message);