Merge branch 'main' into sdlsdl

1 files changed, 135 insertions, 0 deletions

diff --git a/test/js/third_party/jsonwebtoken/claim-jti.test.js b/test/js/third_party/jsonwebtoken/claim-jti.test.js
new file mode 100644
index 000000000..18aa15df8
--- /dev/null
+++ b/test/js/third_party/jsonwebtoken/claim-jti.test.js
@@ -0,0 +1,135 @@
+"use strict";
+
+import jwt from "jsonwebtoken";
+import { expect, describe, it } from "bun:test";
+import util from "util";
+import testUtils from "./test-utils";
+
+function signWithJWTId(jwtid, payload, callback) {
+  const options = { algorithm: "HS256" };
+  if (jwtid !== undefined) {
+    options.jwtid = jwtid;
+  }
+  testUtils.signJWTHelper(payload, "secret", options, callback);
+}
+
+describe("jwtid", function () {
+  describe('`jwt.sign` "jwtid" option validation', function () {
+    [true, false, null, -1, 0, 1, -1.1, 1.1, -Infinity, Infinity, NaN, [], ["foo"], {}, { foo: "bar" }].forEach(
+      jwtid => {
+        it(`should error with with value ${util.inspect(jwtid)}`, function (done) {
+          signWithJWTId(jwtid, {}, err => {
+            testUtils.asyncCheck(done, () => {
+              expect(err).toBeInstanceOf(Error);
+              expect(err).toHaveProperty("message", '"jwtid" must be a string');
+            });
+          });
+        });
+      },
+    );
+
+    // undefined needs special treatment because {} is not the same as {jwtid: undefined}
+    it("should error with with value undefined", function (done) {
+      testUtils.signJWTHelper({}, "secret", { jwtid: undefined, algorithm: "HS256" }, err => {
+        testUtils.asyncCheck(done, () => {
+          expect(err).toBeInstanceOf(Error);
+          expect(err).toHaveProperty("message", '"jwtid" must be a string');
+        });
+      });
+    });
+
+    it('should error when "jti" is in payload', function (done) {
+      signWithJWTId("foo", { jti: "bar" }, err => {
+        testUtils.asyncCheck(done, () => {
+          expect(err).toBeInstanceOf(Error);
+          expect(err).toHaveProperty(
+            "message",
+            'Bad "options.jwtid" option. The payload already has an "jti" property.',
+          );
+        });
+      });
+    });
+
+    it("should error with a string payload", function (done) {
+      signWithJWTId("foo", "a string payload", err => {
+        testUtils.asyncCheck(done, () => {
+          expect(err).toBeInstanceOf(Error);
+          expect(err).toHaveProperty("message", "invalid jwtid option for string payload");
+        });
+      });
+    });
+
+    it("should error with a Buffer payload", function (done) {
+      signWithJWTId("foo", new Buffer("a Buffer payload"), err => {
+        testUtils.asyncCheck(done, () => {
+          expect(err).toBeInstanceOf(Error);
+          expect(err).toHaveProperty("message", "invalid jwtid option for object payload");
+        });
+      });
+    });
+  });
+
+  describe("when signing and verifying a token", function () {
+    it('should not verify "jti" if verify "jwtid" option not provided', function (done) {
+      signWithJWTId(undefined, { jti: "foo" }, (e1, token) => {
+        testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+          testUtils.asyncCheck(done, () => {
+            expect(e1).toBeNull();
+            expect(e2).toBeNull();
+            expect(decoded).toHaveProperty("jti", "foo");
+          });
+        });
+      });
+    });
+
+    describe('with "jwtid" option', function () {
+      it('should verify with "jwtid" option', function (done) {
+        signWithJWTId("foo", {}, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { jwtid: "foo" }, (e2, decoded) => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeNull();
+              expect(decoded).toHaveProperty("jti", "foo");
+            });
+          });
+        });
+      });
+
+      it('should verify with "jti" in payload', function (done) {
+        signWithJWTId(undefined, { jti: "foo" }, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { jetid: "foo" }, (e2, decoded) => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeNull();
+              expect(decoded).toHaveProperty("jti", "foo");
+            });
+          });
+        });
+      });
+
+      it('should error if "jti" does not match verify "jwtid" option', function (done) {
+        signWithJWTId(undefined, { jti: "bar" }, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { jwtid: "foo" }, e2 => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeInstanceOf(jwt.JsonWebTokenError);
+              expect(e2).toHaveProperty("message", "jwt jwtid invalid. expected: foo");
+            });
+          });
+        });
+      });
+
+      it('should error without "jti" and with verify "jwtid" option', function (done) {
+        signWithJWTId(undefined, {}, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { jwtid: "foo" }, e2 => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeInstanceOf(jwt.JsonWebTokenError);
+              expect(e2).toHaveProperty("message", "jwt jwtid invalid. expected: foo");
+            });
+          });
+        });
+      });
+    });
+  });
+});