From cdb02ebd8d38fb34406505a8369e23eea32f6059 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Hal=C3=A1sz?= <18699247+peetya@users.noreply.github.com> Date: Mon, 19 Jun 2023 16:00:36 +0200 Subject: [PATCH] fix: replaced - and _ characters in jwt --- src/core/jwt/jwtToken.js | 6 +++++- test/core/jwt/jwtToken/test.js | 8 ++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/core/jwt/jwtToken.js b/src/core/jwt/jwtToken.js index 36d258a8..f9b77dcc 100644 --- a/src/core/jwt/jwtToken.js +++ b/src/core/jwt/jwtToken.js @@ -30,7 +30,11 @@ */ export function parseJwtPayload(token) { try { - return JSON.parse(atob(token.split('.')[1])); + let base64Payload = token.split('.')[1]; + base64Payload = base64Payload.replace(/-/g, '+'); // replace - with + + base64Payload = base64Payload.replace(/_/g, '/'); // replace _ with / + + return JSON.parse(atob(base64Payload)); } catch (e) { return null; } diff --git a/test/core/jwt/jwtToken/test.js b/test/core/jwt/jwtToken/test.js index 3c34352d..963b1b07 100644 --- a/test/core/jwt/jwtToken/test.js +++ b/test/core/jwt/jwtToken/test.js @@ -48,6 +48,14 @@ define(['core/jwt/jwtToken'], jwtToken => { assert.equal(parseJwtPayload(), null, 'missing token returns null'); }); + QUnit.test('parses payload object from full token with unsupported characters', assert => { + assert.expect(2); + const token = 'eyJhbGciOiJIUzI1NiJ9.eyJmb28iOiI_In0.qXbg9lEnmvDekuDfNqiAdqYb3Yx1iTLw7RyUGoz5I9w'; + const result = parseJwtPayload(token); + assert.ok(typeof result === 'object', 'parsed payload is an object'); + assert.equal(result.foo, '?'); + }); + QUnit.module('getJwtTTL'); const time1 = 1620651921250;