requestProperty support for nested properties

This reverts the behavior to what v6 used to do.
auth0 · Jan 4, 2023 · bbd3606 · bbd3606
1 parent 3c1d5cf
commit bbd3606
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 10 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -35,9 +35,12 @@
   "dependencies": {
     "@types/jsonwebtoken": "^9",
     "express-unless": "^2.1.3",
-    "jsonwebtoken": "^9.0.0"
+    "jsonwebtoken": "^9.0.0",
+    "lodash.set": "^4.3.2"
   },
   "devDependencies": {
+    "@types/lodash": "^4.14.191",
+    "@types/lodash.set": "^4.3.7",
     "@types/mocha": "^9.1.0",
     "@typescript-eslint/eslint-plugin": "^5.15.0",
     "@typescript-eslint/parser": "^5.15.0",

diff --git a/src/index.ts b/src/index.ts
@@ -1,6 +1,8 @@
-import * as jwt from 'jsonwebtoken';
+import jwt from 'jsonwebtoken';
 import * as express from 'express';
 import { unless } from 'express-unless';
+import set from 'lodash.set';
+
 import { UnauthorizedError } from './errors/UnauthorizedError';
 
 /**
@@ -123,7 +125,7 @@ export const expressjwt = (options: Params) => {
           .map(header => header.trim().toLowerCase())
           .includes('authorization');
         if (hasAuthInAccessControl) {
-          return next();
+          return setImmediate(next);
         }
       }
 
@@ -185,10 +187,10 @@ export const expressjwt = (options: Params) => {
       }
 
       const request = req as Request<jwt.JwtPayload | string>;
-      request[requestProperty] = decodedToken.payload;
-      next();
+      set(request, requestProperty, decodedToken.payload);
+      setImmediate(next);
     } catch (err) {
-      return next(err);
+      setImmediate(next, err);
     }
   };
 

diff --git a/test/jwt.test.ts b/test/jwt.test.ts
@@ -2,7 +2,7 @@
 import * as jwt from 'jsonwebtoken';
 import * as express from 'express';
 import { expressjwt, UnauthorizedError, Request, GetVerificationKey } from '../src';
-import * as assert from 'assert';
+import assert from 'assert';
 
 
 describe('failure tests', function () {
@@ -289,6 +289,21 @@ describe('work tests', function () {
     });
   });
 
+  it('should work with custom and nested request property', function (done) {
+    const secret = 'shhhhhh';
+    const token = jwt.sign({ foo: 'bar' }, secret);
+    const req = {} as Request;
+    const res = {} as express.Response;
+    const requestProperty = 'auth.payload';
+
+    req.headers = {};
+    req.headers.authorization = 'Bearer ' + token;
+    expressjwt({ secret: secret, algorithms: ['HS256'], requestProperty })(req, res, function () {
+      assert.equal(req.auth.payload.foo, 'bar');
+      done();
+    });
+  });
+
   it('should work if authorization header is valid with a buffer secret', function (done) {
     const secret = Buffer.from('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', 'base64');
     const token = jwt.sign({ foo: 'bar' }, secret);

diff --git a/tsconfig.json b/tsconfig.json
@@ -3,9 +3,10 @@
     "outDir": "./dist",
     "allowJs": true,
     "target": "es5",
-    "declaration": true
+    "declaration": true,
+    "esModuleInterop": true
   },
   "include": [
     "./src/**/*"
   ]
-}
+}