test/js/third_party/jsonwebtoken/schema.test.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

var PS_SUPPORTED = true;
import jwt from "jsonwebtoken";
import { expect, describe, it } from "bun:test";
import fs from "fs";

describe("schema", function () {
  describe("sign options", function () {
    var cert_rsa_priv = fs.readFileSync(__dirname + "/rsa-private.pem");
    var cert_ecdsa_priv = fs.readFileSync(__dirname + "/ecdsa-private.pem");
    var cert_secp384r1_priv = fs.readFileSync(__dirname + "/secp384r1-private.pem");
    var cert_secp521r1_priv = fs.readFileSync(__dirname + "/secp521r1-private.pem");

    function sign(options, secretOrPrivateKey) {
      jwt.sign({ foo: 123 }, secretOrPrivateKey, options);
    }

    it("should validate algorithm", function () {
      expect(function () {
        sign({ algorithm: "foo" }, cert_rsa_priv);
      }).toThrow(/"algorithm" must be a valid string enum value/);
      sign({ algorithm: "none" }, null);
      sign({ algorithm: "RS256" }, cert_rsa_priv);
      sign({ algorithm: "RS384" }, cert_rsa_priv);
      sign({ algorithm: "RS512" }, cert_rsa_priv);
      if (PS_SUPPORTED) {
        sign({ algorithm: "PS256" }, cert_rsa_priv);
        sign({ algorithm: "PS384" }, cert_rsa_priv);
        sign({ algorithm: "PS512" }, cert_rsa_priv);
      }
      sign({ algorithm: "ES256" }, cert_ecdsa_priv);
      sign({ algorithm: "ES384" }, cert_secp384r1_priv);
      sign({ algorithm: "ES512" }, cert_secp521r1_priv);
      sign({ algorithm: "HS256" }, "superSecret");
      sign({ algorithm: "HS384" }, "superSecret");
      sign({ algorithm: "HS512" }, "superSecret");
    });

    it("should validate header", function () {
      expect(function () {
        sign({ header: "foo" }, "superSecret");
      }).toThrow(/"header" must be an object/);
      sign({ header: {} }, "superSecret");
    });

    it("should validate encoding", function () {
      expect(function () {
        sign({ encoding: 10 }, "superSecret");
      }).toThrow(/"encoding" must be a string/);
      sign({ encoding: "utf8" }, "superSecret");
    });

    it("should validate noTimestamp", function () {
      expect(function () {
        sign({ noTimestamp: 10 }, "superSecret");
      }).toThrow(/"noTimestamp" must be a boolean/);
      sign({ noTimestamp: true }, "superSecret");
    });
  });

  describe("sign payload registered claims", function () {
    function sign(payload) {
      jwt.sign(payload, "foo123");
    }

    it("should validate exp", function () {
      expect(function () {
        sign({ exp: "1 monkey" });
      }).toThrow(/"exp" should be a number of seconds/);
      sign({ exp: 10.1 });
    });
  });
});