diff --git a/test/claim-sub.tests.js b/test/claim-sub.tests.js new file mode 100644 index 0000000..cd7ffac --- /dev/null +++ b/test/claim-sub.tests.js @@ -0,0 +1,107 @@ +'use strict'; + +const jwt = require('../'); +const expect = require('chai').expect; +const util = require('util'); + +function signWithSubject(payload, subject) { + const options = {algorithm: 'none'}; + if (subject !== undefined) { + options.subject = subject; + } + return jwt.sign(payload, undefined, options); +} + +describe('subject', function() { + describe('`jwt.sign` "subject" option validation', function () { + [ + true, + false, + null, + -1, + 0, + 1, + -1.1, + 1.1, + -Infinity, + Infinity, + NaN, + [], + ['foo'], + {}, + {foo: 'bar'}, + ].forEach((subject) => { + it(`should error with with value ${util.inspect(subject)}`, function () { + expect(() => signWithSubject({}, subject)).to.throw('"subject" must be a string'); + }); + }); + + // undefined needs special treatment because {} is not the same as {subject: undefined} + it('should error with with value undefined', function () { + expect(() => jwt.sign({}, undefined, {subject: undefined, algorithm: 'none'})).to.throw( + '"subject" must be a string' + ); + }); + + it('should error when "sub" is in payload', function () { + expect(() => signWithSubject({sub: 'bar'}, 'foo')).to.throw( + 'Bad "options.subject" option. The payload already has an "sub" property.' + ); + }); + + + it('should error with a string payload', function () { + expect(() => signWithSubject('a string payload', 'foo')).to.throw( + 'invalid subject option for string payload' + ); + }); + + it('should error with a Buffer payload', function () { + expect(() => signWithSubject(new Buffer('a Buffer payload'), 'foo')).to.throw( + 'invalid subject option for object payload' + ); + }); + }); + + describe('when signing and verifying a token with "subject" option', function () { + it('should verify with a string "subject"', function () { + const token = signWithSubject({}, 'foo'); + const decoded = jwt.decode(token); + const verified = jwt.verify(token, undefined, {subject: 'foo'}); + expect(decoded).to.deep.equal(verified); + expect(decoded.sub).to.equal('foo'); + }); + + it('should verify with a string "sub"', function () { + const token = signWithSubject({sub: 'foo'}); + const decoded = jwt.decode(token); + const verified = jwt.verify(token, undefined, {subject: 'foo'}); + expect(decoded).to.deep.equal(verified); + expect(decoded.sub).to.equal('foo'); + }); + + it('should not verify "sub" if "verify.subject" option not provided', function() { + const token = signWithSubject({sub: 'foo'}); + const decoded = jwt.decode(token); + const verified = jwt.verify(token, undefined); + expect(decoded).to.deep.equal(verified); + expect(decoded.sub).to.equal('foo'); + }); + + it('should error if "sub" does not match "verify.subject" option', function() { + const token = signWithSubject({sub: 'foo'}); + expect(() => jwt.verify(token, undefined, {subject: 'bar'})).to.throw( + jwt.JsonWebTokenError, + 'jwt subject invalid. expected: bar' + ); + }); + + it('should error without "sub" and with "verify.subject" option', function() { + const token = signWithSubject({}); + expect(() => jwt.verify(token, undefined, {subject: 'foo'})).to.throw( + jwt.JsonWebTokenError, + 'jwt subject invalid. expected: foo' + ); + }); + }); +}); diff --git a/test/jwt.asymmetric_signing.tests.js b/test/jwt.asymmetric_signing.tests.js index 27a5212..6951b95 100644 --- a/test/jwt.asymmetric_signing.tests.js +++ b/test/jwt.asymmetric_signing.tests.js @@ -157,42 +157,6 @@ describe('Asymmetric Algorithms', function(){ }); }); - describe('when signing a token with subject', function () { - var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: algorithm, subject: 'subject' }); - - it('should check subject', function (done) { - jwt.verify(token, pub, { subject: 'subject' }, function (err, decoded) { - assert.isNotNull(decoded); - assert.isNull(err); - done(); - }); - }); - - it('should throw when invalid subject', function (done) { - jwt.verify(token, pub, { subject: 'wrongSubject' }, function (err, decoded) { - assert.isUndefined(decoded); - assert.isNotNull(err); - assert.equal(err.name, 'JsonWebTokenError'); - assert.instanceOf(err, jwt.JsonWebTokenError); - done(); - }); - }); - }); - - describe('when signing a token without subject', function () { - var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: algorithm }); - - it('should check subject', function (done) { - jwt.verify(token, pub, { subject: 'subject' }, function (err, decoded) { - assert.isUndefined(decoded); - assert.isNotNull(err); - assert.equal(err.name, 'JsonWebTokenError'); - assert.instanceOf(err, jwt.JsonWebTokenError); - done(); - }); - }); - }); - describe('when signing a token with jwt id', function () { var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: algorithm, jwtid: 'jwtid' }); diff --git a/test/schema.tests.js b/test/schema.tests.js index 30c817a..77592d6 100644 --- a/test/schema.tests.js +++ b/test/schema.tests.js @@ -51,13 +51,6 @@ describe('schema', function() { sign({issuer: 'foo'}); }); - it('should validate subject', function () { - expect(function () { - sign({ subject: 10 }); - }).to.throw(/"subject" must be a string/); - sign({subject: 'foo'}); - }); - it('should validate noTimestamp', function () { expect(function () { sign({ noTimestamp: 10 });