Empty secret or public key #72

JackuB · 2015-03-30T17:34:57Z

When secret or key fails to load or is not provided, verify can throw error even with callback.

Added check for null and undefined

jtwebman · 2015-04-21T23:29:31Z

index.js

@@ -107,6 +107,9 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
    return done(new JsonWebTokenError('jwt signature is required'));
  }

+  if (typeof secretOrPublicKey === "undefined" || secretOrPublicKey === null) // secretOrPublicKey can be empty string


Can't we change this to just:

if (!secretOrPublicKey) { return done(new JsonWebTokenError('secret or public key must be provided')); }

@jtwebman I got impression, that key is allowed to have value of '' (empty string).

Seems safer to check even for empty string, updated code.

jfromaniello · 2015-07-15T12:01:37Z

Thank you very much, published as v5.0.4.

JackuB added 3 commits March 30, 2015 19:29

Prevent throw on undefined/null secret

0fdf78d

Removed path from test

d6240e2

Typo

ffe68db

jtwebman reviewed Apr 21, 2015
View reviewed changes

Simplified checking for missing key

f1cffd0

jfromaniello merged commit f1cffd0 into auth0:master Jul 15, 2015

JackuB deleted the empty_secretOrPublicKey branch July 16, 2015 06:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Empty secret or public key #72

Empty secret or public key #72

JackuB commented Mar 30, 2015

jtwebman Apr 21, 2015

JackuB Apr 22, 2015

jfromaniello commented Jul 15, 2015

Empty secret or public key #72

Empty secret or public key #72

Conversation

JackuB commented Mar 30, 2015

jtwebman Apr 21, 2015

Choose a reason for hiding this comment

JackuB Apr 22, 2015

Choose a reason for hiding this comment

jfromaniello commented Jul 15, 2015