1 files changed, 185 insertions, 0 deletions

diff --git a/test/js/third_party/jsonwebtoken/claim-iss.test.js b/test/js/third_party/jsonwebtoken/claim-iss.test.js
new file mode 100644
index 000000000..3b2e9dacf
--- /dev/null
+++ b/test/js/third_party/jsonwebtoken/claim-iss.test.js
@@ -0,0 +1,185 @@
+"use strict";
+
+import jwt from "jsonwebtoken";
+import { expect, describe, it } from "bun:test";
+import util from "util";
+import testUtils from "./test-utils";
+
+function signWithIssuer(issuer, payload, callback) {
+  const options = { algorithm: "HS256" };
+  if (issuer !== undefined) {
+    options.issuer = issuer;
+  }
+  testUtils.signJWTHelper(payload, "secret", options, callback);
+}
+
+describe("issuer", function () {
+  describe('`jwt.sign` "issuer" option validation', function () {
+    [true, false, null, -1, 0, 1, -1.1, 1.1, -Infinity, Infinity, NaN, [], ["foo"], {}, { foo: "bar" }].forEach(
+      issuer => {
+        it(`should error with with value ${util.inspect(issuer)}`, function (done) {
+          signWithIssuer(issuer, {}, err => {
+            testUtils.asyncCheck(done, () => {
+              expect(err).toBeInstanceOf(Error);
+              expect(err).toHaveProperty("message", '"issuer" must be a string');
+            });
+          });
+        });
+      },
+    );
+
+    // undefined needs special treatment because {} is not the same as {issuer: undefined}
+    it("should error with with value undefined", function (done) {
+      testUtils.signJWTHelper({}, "secret", { issuer: undefined, algorithm: "HS256" }, err => {
+        testUtils.asyncCheck(done, () => {
+          expect(err).toBeInstanceOf(Error);
+          expect(err).toHaveProperty("message", '"issuer" must be a string');
+        });
+      });
+    });
+
+    it('should error when "iss" is in payload', function (done) {
+      signWithIssuer("foo", { iss: "bar" }, err => {
+        testUtils.asyncCheck(done, () => {
+          expect(err).toBeInstanceOf(Error);
+          expect(err).toHaveProperty(
+            "message",
+            'Bad "options.issuer" option. The payload already has an "iss" property.',
+          );
+        });
+      });
+    });
+
+    it("should error with a string payload", function (done) {
+      signWithIssuer("foo", "a string payload", err => {
+        testUtils.asyncCheck(done, () => {
+          expect(err).toBeInstanceOf(Error);
+          expect(err).toHaveProperty("message", "invalid issuer option for string payload");
+        });
+      });
+    });
+
+    it("should error with a Buffer payload", function (done) {
+      signWithIssuer("foo", new Buffer("a Buffer payload"), err => {
+        testUtils.asyncCheck(done, () => {
+          expect(err).toBeInstanceOf(Error);
+          expect(err).toHaveProperty("message", "invalid issuer option for object payload");
+        });
+      });
+    });
+  });
+
+  describe("when signing and verifying a token", function () {
+    it('should not verify "iss" if verify "issuer" option not provided', function (done) {
+      signWithIssuer(undefined, { iss: "foo" }, (e1, token) => {
+        testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+          testUtils.asyncCheck(done, () => {
+            expect(e1).toBeNull();
+            expect(e2).toBeNull();
+            expect(decoded).toHaveProperty("iss", "foo");
+          });
+        });
+      });
+    });
+
+    describe('with string "issuer" option', function () {
+      it('should verify with a string "issuer"', function (done) {
+        signWithIssuer("foo", {}, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { issuer: "foo" }, (e2, decoded) => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeNull();
+              expect(decoded).toHaveProperty("iss", "foo");
+            });
+          });
+        });
+      });
+
+      it('should verify with a string "iss"', function (done) {
+        signWithIssuer(undefined, { iss: "foo" }, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { issuer: "foo" }, (e2, decoded) => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeNull();
+              expect(decoded).toHaveProperty("iss", "foo");
+            });
+          });
+        });
+      });
+
+      it('should error if "iss" does not match verify "issuer" option', function (done) {
+        signWithIssuer(undefined, { iss: "foobar" }, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { issuer: "foo" }, e2 => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeInstanceOf(jwt.JsonWebTokenError);
+              expect(e2).toHaveProperty("message", "jwt issuer invalid. expected: foo");
+            });
+          });
+        });
+      });
+
+      it('should error without "iss" and with verify "issuer" option', function (done) {
+        signWithIssuer(undefined, {}, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { issuer: "foo" }, e2 => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeInstanceOf(jwt.JsonWebTokenError);
+              expect(e2).toHaveProperty("message", "jwt issuer invalid. expected: foo");
+            });
+          });
+        });
+      });
+    });
+
+    describe('with array "issuer" option', function () {
+      it('should verify with a string "issuer"', function (done) {
+        signWithIssuer("bar", {}, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { issuer: ["foo", "bar"] }, (e2, decoded) => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeNull();
+              expect(decoded).toHaveProperty("iss", "bar");
+            });
+          });
+        });
+      });
+
+      it('should verify with a string "iss"', function (done) {
+        signWithIssuer(undefined, { iss: "foo" }, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { issuer: ["foo", "bar"] }, (e2, decoded) => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeNull();
+              expect(decoded).toHaveProperty("iss", "foo");
+            });
+          });
+        });
+      });
+
+      it('should error if "iss" does not match verify "issuer" option', function (done) {
+        signWithIssuer(undefined, { iss: "foobar" }, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { issuer: ["foo", "bar"] }, e2 => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeInstanceOf(jwt.JsonWebTokenError);
+              expect(e2).toHaveProperty("message", "jwt issuer invalid. expected: foo,bar");
+            });
+          });
+        });
+      });
+
+      it('should error without "iss" and with verify "issuer" option', function (done) {
+        signWithIssuer(undefined, {}, (e1, token) => {
+          testUtils.verifyJWTHelper(token, "secret", { issuer: ["foo", "bar"] }, e2 => {
+            testUtils.asyncCheck(done, () => {
+              expect(e1).toBeNull();
+              expect(e2).toBeInstanceOf(jwt.JsonWebTokenError);
+              expect(e2).toHaveProperty("message", "jwt issuer invalid. expected: foo,bar");
+            });
+          });
+        });
+      });
+    });
+  });
+});