Infrastructure/verdaccio
0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00
Code Issues Activity

refactor: token expire error also should returns anonymous user (#1011)

Browse source
This commit is contained in:
Juan Picado @jotadeveloper 2018-09-22 19:36:05 +02:00 committed by GitHub
parent cf31982127
commit 4cfe996679
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/lib/auth-utils.js
View file

@ -198,6 +198,8 @@ export function parseAESCredentials(
}
}
export const expireReasons: Array<string> = ['JsonWebTokenError', 'TokenExpiredError'];
export function verifyJWTPayload(token: string, secret: string): RemoteUser {
try {
const payload: RemoteUser = (verifyPayload(token, secret): RemoteUser);
@ -205,7 +207,7 @@ export function verifyJWTPayload(token: string, secret: string): RemoteUser {
return payload;
} catch (error) {
// #168 this check should be removed as soon AES encrypt is removed.
if (error.name === 'JsonWebTokenError') {
if (expireReasons.includes(error.name)) {
// it might be possible the jwt configuration is enabled and
// old tokens fails still remains in usage, thus
// we return an anonymous user to force log in.