* added jsonwebtoken as inbuilt library * removed bundling * handle callback in quickjs * chore: tests folder restructure * chore: lint fix --------- Co-authored-by: Sid <siddharth@usebruno.com>
meta {
name: verify with callback err
type: http
seq: 2
}
post {
url: {{host}}/api/echo
body: none
auth: inherit
}
tests {
const jwt = require('jsonwebtoken');
// Test-only HMAC key shared by the HS256 fixtures in this file. It is a fixed,
// publicly visible value: never reuse it for anything outside these tests.
const HS_SECRET = 'supersecret';
/**
 * Promise adapter around the callback form of `jwt.verify`.
 *
 * Resolves with the decoded payload when the callback reports success and
 * rejects with the callback's `err` otherwise, so callers can `await` it.
 *
 * NOTE(review): `options` defaults to `{}`; every caller in this file passes an
 * explicit `algorithms` allow-list, and new callers should do the same so the
 * accepted algorithm is pinned rather than left to the library defaults.
 *
 * @param {string} token - Compact JWT string to verify.
 * @param {string|undefined} secret - Key handed to `jwt.verify` unchanged.
 * @param {object} [options={}] - Options forwarded to `jwt.verify`.
 * @returns {Promise<*>} Settles with whatever the verify callback reports.
 */
function verifyViaCallback(token, secret, options = {}) {
  const runVerify = (resolve, reject) => {
    const onResult = (err, decoded) => {
      if (err) {
        reject(err);
        return;
      }
      resolve(decoded);
    };

    jwt.verify(token, secret, options, onResult);
  };

  return new Promise(runVerify);
}
/**
 * Builds a token fixture for the verification tests: signs `payload` with
 * `secret` using HS256 and a one-hour expiry.
 *
 * @param {object} [payload={ sub: 'user123' }] - Claims to sign.
 * @param {string} [secret=HS_SECRET] - HMAC key used for signing.
 * @returns {string} Whatever `jwt.sign` returns for these arguments.
 */
function createValidToken(payload = { sub: 'user123' }, secret = HS_SECRET) {
  const signOptions = { algorithm: 'HS256', expiresIn: '1h' };
  return jwt.sign(payload, secret, signOptions);
}
/* ============================================================
ERROR TESTS — jwt.verify should call callback with `err`
============================================================ */
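// A two-segment string is not a JWT; verification must fail through the callback.
test('ERROR (callback) — malformed token', async function () {
  const malformedToken = 'abc.def'; // not a valid JWT

  // Capture the rejection rather than throwing a sentinel inside the try block:
  // a sentinel is swallowed by the same catch, so an unexpected success would
  // only be detected if its message happened not to match the regex below.
  let caught;
  try {
    await verifyViaCallback(malformedToken, HS_SECRET, { algorithms: ['HS256'] });
  } catch (err) {
    caught = err;
  }

  // `caught` stays undefined if verification unexpectedly succeeded, which fails here.
  expect(caught, 'Expected jwt.verify to error via callback').to.be.instanceOf(Error);
  expect(String(caught.message)).to.match(/jwt malformed|invalid token/i);
});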
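// A token signed with HS_SECRET must be rejected when verified with a different key.
test('ERROR (callback) — invalid signature (wrong secret)', async function () {
  const token = createValidToken(); // signed with HS_SECRET

  // Capture the rejection rather than throwing a sentinel inside the try block,
  // so that an unexpected successful verification cannot be mistaken for the
  // expected failure.
  let caught;
  try {
    await verifyViaCallback(token, 'wrong_secret', { algorithms: ['HS256'] });
  } catch (err) {
    caught = err;
  }

  // `caught` stays undefined if the forged-key verification succeeded, which fails here.
  expect(caught, 'Expected jwt.verify to error via callback').to.be.instanceOf(Error);
  expect(String(caught.message)).to.match(/invalid signature/i);
});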
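// The token is HS256-signed; an allow-list that names only RS256 must reject it.
test('ERROR (callback) — invalid algorithm', async function () {
  const token = createValidToken();

  // The previous version threw `new Error('... due to invalid algorithm')` inside
  // the try block. That sentinel was caught by the same catch and its message
  // matches /invalid algorithm/i, so the test passed even when verification
  // succeeded. Capturing the rejection makes an unexpected success fail.
  let caught;
  try {
    // Allow-list deliberately excludes the token's own algorithm.
    await verifyViaCallback(token, HS_SECRET, { algorithms: ['RS256'] });
  } catch (err) {
    caught = err;
  }

  // `caught` stays undefined if the algorithm allow-list was not enforced.
  expect(caught, 'Expected jwt.verify to error due to invalid algorithm').to.be.instanceOf(Error);
  expect(String(caught.message)).to.match(/invalid algorithm/i);
});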
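// Verification without any key must fail instead of accepting the token.
test('ERROR (callback) — missing secret', async function () {
  const token = createValidToken();

  // The previous version threw `new Error('... due to missing secret')` inside
  // the try block. That sentinel was caught by the same catch and its message
  // contains "secret", which the regex below accepts, so the test passed even
  // when verification succeeded. Capturing the rejection closes that gap.
  let caught;
  try {
    await verifyViaCallback(token, undefined, { algorithms: ['HS256'] });
  } catch (err) {
    caught = err;
  }

  // `caught` stays undefined if a key-less verification was accepted.
  expect(caught, 'Expected jwt.verify to error due to missing secret').to.be.instanceOf(Error);
  // NOTE(review): the alternation matches any message containing "secret";
  // tighten it once the exact message from the bundled library is confirmed.
  expect(String(caught.message)).to.match(/secret|key must be provided/i);
});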
}
settings {
encodeUrl: true
}