auth0 · Jul 29, 2016 · Aug 10, 2016 · Aug 10, 2016 · Aug 10, 2016 · Aug 10, 2016
Showing with 11 additions and 13 deletions.

+4 −0 CHANGELOG.md

+1 −1 package.json

+5 −5 test/verify.tests.js

+1 −7 verify.js
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@
 All notable changes to this project will be documented in this file starting from version **v4.0.0**.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## 7.1.7 - 2016-07-29
+
+ - Use lodash.once instead of unlicensed/unmaintained cb ([3ac95ad93ef3068a64e03d8d14deff231b1ed529](https://github.com/auth0/node-jsonwebtoken/commit/3ac95ad93ef3068a64e03d8d14deff231b1ed529))
+
 ## 7.1.6 - 2016-07-15
 
  - fix issue with buffer payload. closes #216 ([6b50ff324b4dfd2cb0e49b666f14a6672d015b22](https://github.com/auth0/node-jsonwebtoken/commit/6b50ff324b4dfd2cb0e49b666f14a6672d015b22)), closes [#216](https://github.com/auth0/node-jsonwebtoken/issues/216)

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jsonwebtoken",
-  "version": "7.1.7",
+  "version": "7.1.8",
   "description": "JSON Web Token implementation (symmetric and asymmetric)",
   "main": "index.js",
   "scripts": {

diff --git a/test/verify.tests.js b/test/verify.tests.js
@@ -11,7 +11,7 @@ describe('verify', function() {
   var priv = fs.readFileSync(path.join(__dirname, 'priv.pem'));
 
   it('should first assume JSON claim set', function (done) {
-    var header = { alg: 'RS256' };
+    var header = { typ: 'JWT', alg: 'RS256' };
     var payload = { iat: Math.floor(Date.now() / 1000 ) };
 
     var signed = jws.sign({
@@ -21,15 +21,15 @@ describe('verify', function() {
         encoding: 'utf8'
     });
 
-    jwt.verify(signed, pub, {typ: 'JWT'}, function(err, p) {
+    jwt.verify(signed, pub, function(err, p) {
       assert.isNull(err);
       assert.deepEqual(p, payload);
       done();
     });
   });
 
   it('should be able to validate unsigned token', function (done) {
-    var header = { alg: 'none' };
+    var header = { typ: 'JWT', alg: 'none' };
     var payload = { iat: Math.floor(Date.now() / 1000 ) };
 
     var signed = jws.sign({
@@ -39,7 +39,7 @@ describe('verify', function() {
       encoding: 'utf8'
     });
 
-    jwt.verify(signed, null, {typ: 'JWT'}, function(err, p) {
+    jwt.verify(signed, null, function(err, p) {
       assert.isNull(err);
       assert.deepEqual(p, payload);
       done();
@@ -93,7 +93,7 @@ describe('verify', function() {
 
     it('should not error on expired token within clockTolerance interval', function (done) {
       clock = sinon.useFakeTimers(1437018584000);
-      var options = {algorithms: ['HS256'], clockTolerance: 100}
+      var options = {algorithms: ['HS256'], clockTolerance: 100};
 
       jwt.verify(token, key, options, function (err, p) {
         assert.isNull(err);

diff --git a/verify.js b/verify.js
@@ -96,13 +96,7 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
   if (!valid)
     return done(new JsonWebTokenError('invalid signature'));
 
-  var payload;
-
-  try {
-    payload = decode(jwtString);
-  } catch(err) {
-    return done(err);
-  }
+  var payload=decodedToken.payload;
 
   if (typeof payload.nbf !== 'undefined' && !options.ignoreNotBefore) {
     if (typeof payload.nbf !== 'number') {