auth0 · Apr 27, 2016 · Apr 27, 2016 · Apr 27, 2016
Showing with 36 additions and 3 deletions.

+15 −0 CHANGELOG.md

+1 −1 package.json

+18 −0 sign.js

+2 −2 test/non_object_values.tests.js
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,21 @@
 All notable changes to this project will be documented in this file starting from version **v4.0.0**.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## 6.0.0 - 2016-04-27
+
+ - Change .sign to standard async callback ([50873c7d45d2733244d5da8afef3d1872e657a60](https://github.com/auth0/node-jsonwebtoken/commit/50873c7d45d2733244d5da8afef3d1872e657a60))
+ - Improved the options for the `sign` method ([53c3987b3cc34e95eb396b26fc9b051276e2f6f9](https://github.com/auth0/node-jsonwebtoken/commit/53c3987b3cc34e95eb396b26fc9b051276e2f6f9))
+
+    -  `expiresInMinutes` and `expiresInSeconds` are deprecated and no longer supported.
+    -  `notBeforeInMinutes` and `notBeforeInSeconds` are deprecated and no longer supported.
+    -  `options` are strongly validated.
+    -  `options.expiresIn`, `options.notBefore`, `options.audience`, `options.issuer`, `options.subject` and `options.jwtid` are mutually exclusive with `payload.exp`, `payload.nbf`, `payload.aud`, `payload.iss`
+    -  `options.algorithm` is properly validated.
+    -  `options.headers` is renamed to `options.header`.
+
+ - update CHANGELOG to reflect most of the changes. closes #136 ([b87a1a8d2e2533fbfab518765a54f00077918eb7](https://github.com/auth0/node-jsonwebtoken/commit/b87a1a8d2e2533fbfab518765a54f00077918eb7)), closes [#136](https://github.com/auth0/node-jsonwebtoken/issues/136)
+ - update readme ([53a88ecf4494e30e1d62a1cf3cc354650349f486](https://github.com/auth0/node-jsonwebtoken/commit/53a88ecf4494e30e1d62a1cf3cc354650349f486))
+
 ## 5.7.0 - 2016-02-16
 
 

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jsonwebtoken",
-  "version": "6.0.0",
+  "version": "6.0.1",
   "description": "JSON Web Token implementation (symmetric and asymmetric)",
   "main": "index.js",
   "scripts": {

diff --git a/sign.js b/sign.js
@@ -23,6 +23,16 @@ var options_to_payload = {
   'jwtid':    'jti'
 };
 
+var options_for_objects = [
+  'expiresIn',
+  'notBefore',
+  'noTimestamp',
+  'audience',
+  'issuer',
+  'subject',
+  'jwtid',
+];
+
 module.exports = function(payload, secretOrPrivateKey, options, callback) {
   options = options || {};
 
@@ -35,6 +45,14 @@ module.exports = function(payload, secretOrPrivateKey, options, callback) {
     throw new Error('payload is required');
   } else if (typeof payload === 'object') {
     payload = xtend(payload);
+  } else if (typeof payload !== 'object') {
+    var invalid_options = options_for_objects.filter(function (opt) {
+      return typeof options[opt] !== 'undefined';
+    });
+
+    if (invalid_options.length > 0) {
+      throw new Error('invalid ' + invalid_options.join(',') + ' option for ' + (typeof payload ) + ' payload' );
+    }
   }
 
   if (typeof payload.exp !== 'undefined' && typeof options.expiresIn !== 'undefined') {

diff --git a/test/non_object_values.tests.js b/test/non_object_values.tests.js
@@ -11,7 +11,7 @@ describe('non_object_values values', function() {
   });
 
   //v6 version will throw in this case:
-  it.skip('should throw with expiresIn', function () {
+  it('should throw with expiresIn', function () {
     expect(function () {
       jwt.sign('hello', '123', { expiresIn: '12h' });
     }).to.throw(/invalid expiresIn option for string payload/);
@@ -30,4 +30,4 @@ describe('non_object_values values', function() {
     expect(result).to.equal('123');
   });
 
-});
+});