Merge pull request #47 from lwojcik/master

fix for passing Buffer object as secretOrPublicKey
fastify · Mar 15, 2019 · aa126d4 · aa126d4
2 parents f02aae5 + 659ec40
commit aa126d4
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 4 deletions.
diff --git a/jwt.js b/jwt.js
@@ -30,7 +30,7 @@ function fastifyJwt (fastify, options, next) {
   let secretOrPrivateKey
   let secretOrPublicKey
 
-  if (typeof secret === 'object') {
+  if (typeof secret === 'object' && !Buffer.isBuffer(secret)) {
     if (!secret.private || !secret.public) {
       return next(new Error('missing private key and/or public key'))
     }
@@ -53,15 +53,17 @@ function fastifyJwt (fastify, options, next) {
     signOptions &&
     signOptions.algorithm &&
     signOptions.algorithm.includes('RS') &&
-    typeof secret === 'string'
+    (typeof secret === 'string' ||
+    secret instanceof Buffer)
   ) {
     return next(new Error(`RSA Signatures set as Algorithm in the options require a private and public key to be set as the secret`))
   }
   if (
     signOptions &&
     signOptions.algorithm &&
     signOptions.algorithm.includes('ES') &&
-    typeof secret === 'string'
+    (typeof secret === 'string' ||
+    secret instanceof Buffer)
   ) {
     return next(new Error(`ECDSA Signatures set as Algorithm in the options require a private and public key to be set as the secret`))
   }

diff --git a/test.js b/test.js
@@ -23,7 +23,7 @@ const privateKeyProtectedECDSA = readFileSync(`${path.join(__dirname, 'certs')}/
 const publicKeyProtectedECDSA = readFileSync(`${path.join(__dirname, 'certs')}/publicECDSA.pem`)
 
 test('register', function (t) {
-  t.plan(9)
+  t.plan(11)
 
   t.test('Expose jwt methods', function (t) {
     t.plan(7)
@@ -63,6 +63,16 @@ test('register', function (t) {
     })
   })
 
+  t.test('secret as a Buffer', function (t) {
+    t.plan(1)
+    const fastify = Fastify()
+    fastify.register(jwt, {
+      secret: Buffer.from('some secret', 'base64')
+    }).ready(function (error) {
+      t.is(error, null)
+    })
+  })
+
   t.test('deprecated use of options prefix', function (t) {
     t.plan(1)
     const fastify = Fastify()
@@ -232,6 +242,43 @@ test('register', function (t) {
     })
   })
 
+  t.test('RS/ES algorithm in sign options and secret as a Buffer', function (t) {
+    t.plan(2)
+
+    t.test('RS algorithm (Must return an error)', function (t) {
+      t.plan(1)
+
+      const fastify = Fastify()
+      fastify.register(jwt, {
+        secret: Buffer.from('some secret', 'base64'),
+        sign: {
+          algorithm: 'RS256',
+          audience: 'Some audience',
+          issuer: 'Some issuer',
+          subject: 'Some subject'
+        }
+      }).ready(function (error) {
+        t.is(error.message, 'RSA Signatures set as Algorithm in the options require a private and public key to be set as the secret')
+      })
+    })
+
+    t.test('ES algorithm (Must return an error)', function (t) {
+      t.plan(1)
+      const fastify = Fastify()
+      fastify.register(jwt, {
+        secret: Buffer.from('some secret', 'base64'),
+        sign: {
+          algorithm: 'ES256',
+          audience: 'Some audience',
+          issuer: 'Some issuer',
+          subject: 'Some subject'
+        }
+      }).ready(function (error) {
+        t.is(error.message, 'ECDSA Signatures set as Algorithm in the options require a private and public key to be set as the secret')
+      })
+    })
+  })
+
   t.test('secret as a function', function (t) {
     t.plan(2)