CHANGELOG.md

@@ -3,6 +3,31 @@
 All notable changes to this project will be documented in this file starting from version **v4.0.0**.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.2.2] - 2015-03-26
+### Fixed
+
+ - [asymmetric-keys] Fix verify for RSAPublicKey formated keys (`jfromaniello - awlayton`)
+  https://github.com/auth0/node-jsonwebtoken/commit/402794663b9521bf602fcc6f2e811e7d3912f9dc
+  https://github.com/auth0/node-jsonwebtoken/commit/8df6aabbc7e1114c8fb3917931078254eb52c222
+
+## [4.2.1] - 2015-03-17
+### Fixed
+
+ - [asymmetric-keys] Fixed issue when public key starts with BEING PUBLIC KEY (https://github.com/auth0/node-jsonwebtoken/issues/70) (`jfromaniello`)
+  https://github.com/auth0/node-jsonwebtoken/commit/7017e74db9b194448ff488b3e16468ada60c4ee5
+
+## [4.2.0] - 2015-03-16
+### Security
+
+ - [asymmetric-keys] Making sure a token signed with an asymmetric key will be verified using a asymmetric key.
+   When the verification part was expecting a token digitally signed with an asymmetric key (RS/ES family) of algorithms an attacker could send a token signed with a symmetric algorithm (HS* family).
+
+  The issue was caused because the same signature was used to verify both type of tokens (`verify` method parameter: `secretOrPublicKey`).
+
+  This change adds a new parameter to the verify called `algorithms`. This can be used to specify a list of supported algorithms, but the default value depends on the secret used: if the secretOrPublicKey contains the string `BEGIN CERTIFICATE` the default is `[ 'RS256','RS384','RS512','ES256','ES384','ES512' ]` otherwise is `[ 'HS256','HS384','HS512' ]`. (`jfromaniello`)
+  https://github.com/auth0/node-jsonwebtoken/commit/c2bf7b2cd7e8daf66298c2d168a008690bc4bdd3
+  https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+
 ## [4.1.0] - 2015-03-10
 ### Changed
 - Assume the payload is JSON even when there is no `typ` property. [5290db1](https://github.com/auth0/node-jsonwebtoken/commit/5290db1bd74f74cd38c90b19e2355ef223a4d931)
@@ -17,4 +42,4 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Fixed
 - Fix wrong error message when the audience doesn't match. [44e3c8d](https://github.com/auth0/node-jsonwebtoken/commit/44e3c8d757e6b4e2a57a69a035f26b4abec3e327)
 - Fix wrong error message when the issuer doesn't match. [44e3c8d](https://github.com/auth0/node-jsonwebtoken/commit/44e3c8d757e6b4e2a57a69a035f26b4abec3e327)
-- Fix wrong `iat` and `exp` values when signing with `noTimestamp`. [331b7bc](https://github.com/auth0/node-jsonwebtoken/commit/331b7bc9cc335561f8806f2c4558e105cb53e0a6)
+- Fix wrong `iat` and `exp` values when signing with `noTimestamp`. [331b7bc](https://github.com/auth0/node-jsonwebtoken/commit/331b7bc9cc335561f8806f2c4558e105cb53e0a6)

README.md

@@ -75,6 +75,7 @@ encoded public key for RSA and ECDSA.
 
 `options`
 
+* `algorithms`: List of strings with the names of the allowed algorithms. For instance, `["HS256", "HS384"]`.
 * `audience`: if you want to check audience (`aud`), provide a value here
 * `issuer`: if you want to check issuer (`iss`), provide a value here
 
@@ -119,6 +120,12 @@ jwt.verify(token, cert, { audience: 'urn:foo', issuer: 'urn:issuer' }, function(
   // if issuer mismatch, err == invalid issuer
 });
 
+// alg mismatch
+var cert = fs.readFileSync('public.pem'); // get public key
+jwt.verify(token, cert, { algorithms: ['RS256'] }, function (err, payload) {
+  // if token alg != RS256,  err == invalid signature
+});
+
 ```
 
 ### jwt.decode(token [, options])

index.js

@@ -39,7 +39,7 @@ module.exports.sign = function(payload, secretOrPrivateKey, options) {
 
   var timestamp = Math.floor(Date.now() / 1000);
   if (!options.noTimestamp) {
-    payload.iat = timestamp;
+    payload.iat = payload.iat || timestamp;
   }
 
   var expiresInSeconds = options.expiresInMinutes ?
@@ -112,15 +112,27 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
                          ~secretOrPublicKey.toString().indexOf('BEGIN PUBLIC KEY') ?
                           [ 'RS256','RS384','RS512','ES256','ES384','ES512' ] :
                          ~secretOrPublicKey.toString().indexOf('BEGIN RSA PUBLIC KEY') ?
-							[ 'RS256','RS384','RS512' ] :
-							[ 'HS256','HS384','HS512' ];
+                          [ 'RS256','RS384','RS512' ] :
+                          [ 'HS256','HS384','HS512' ];
 
   }
 
+  var decodedToken = jws.decode(jwtString);
+
+  if (!decodedToken) {
+    return done(new JsonWebTokenError('invalid token'));
+  }
+
+  var header = decodedToken.header;
+
+  if (!~options.algorithms.indexOf(header.alg)) {
+    return done(new JsonWebTokenError('invalid algorithm'));
+  }
+
   var valid;
 
   try {
-    valid = jws.verify(jwtString, secretOrPublicKey);
+    valid = jws.verify(jwtString, header.alg, secretOrPublicKey);
   } catch (e) {
     return done(e);
   }
@@ -136,11 +148,6 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
     return done(err);
   }
 
-  var header = jws.decode(jwtString).header;
-  if (!~options.algorithms.indexOf(header.alg)) {
-    return done(new JsonWebTokenError('invalid signature'));
-  }
-
   if (typeof payload.exp !== 'undefined' && !options.ignoreExpiration) {
     if (typeof payload.exp !== 'number') {
       return done(new JsonWebTokenError('invalid exp value'));

package.json

@@ -1,6 +1,6 @@
 {
   "name": "jsonwebtoken",
-  "version": "4.2.2",
+  "version": "5.0.0",
   "description": "JSON Web Token implementation (symmetric and asymmetric)",
   "main": "index.js",
   "scripts": {
@@ -19,12 +19,12 @@
     "url": "https://github.com/auth0/node-jsonwebtoken/issues"
   },
   "dependencies": {
-    "jws": "~2.0.0"
+    "jws": "^3.0.0"
   },
   "devDependencies": {
-    "atob": "~1.1.2",
-    "chai": "~1.10.0",
-    "mocha": "~2.1.0"
+    "atob": "^1.1.2",
+    "chai": "^1.10.0",
+    "mocha": "^2.1.0"
   },
   "engines": {
     "npm": ">=1.4.28"

test/jwt.rs.tests.js

@@ -241,7 +241,7 @@ describe('RS256', function() {
       jwt.verify('fruit.fruit.fruit', pub, function(err, decoded) {
         assert.isUndefined(decoded);
         assert.isNotNull(err);
-        assert.equal(err.name, 'Error');
+        assert.equal(err.name, 'JsonWebTokenError');
         done();
       });
     });

test/wrong_alg.tests.js

@@ -11,10 +11,32 @@ var pub = fs.readFileSync(path.join(__dirname, 'pub.pem'), 'utf8');
 
 var TOKEN = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIiLCJpYXQiOjE0MjY1NDY5MTl9.ETgkTn8BaxIX4YqvUWVFPmum3moNZ7oARZtSBXb_vP4';
 
-describe('signing with pub key as symmetric', function () {
-  it('should not verify', function () {
-    expect(function () {
-      jwt.verify(TOKEN, pub);
-    }).to.throw(JsonWebTokenError, /invalid signature/);
+describe('when setting a wrong `header.alg`', function () {
+
+  describe('signing with pub key as symmetric', function () {
+    it('should not verify', function () {
+      expect(function () {
+        jwt.verify(TOKEN, pub);
+      }).to.throw(JsonWebTokenError, /invalid algorithm/);
+    });
+  });
+
+  describe('signing with pub key as HS256 and whitelisting only RS256', function () {
+    it('should not verify', function () {
+      expect(function () {
+        jwt.verify(TOKEN, pub, {algorithms: ['RS256']});
+      }).to.throw(JsonWebTokenError, /invalid algorithm/);
+    });
   });
-});
+
+  describe('signing with HS256 and checking with HS384', function () {
+    it('should not verify', function () {
+      expect(function () {
+        var token = jwt.sign({foo: 'bar'}, 'secret', {algorithm: 'HS256'});
+        jwt.verify(token, 'some secret', {algorithms: ['HS384']});
+      }).to.throw(JsonWebTokenError, /invalid algorithm/);
+    });
+  });
+
+
+});