Fix validation issue in isJWT function #2217
Conversation
fix: Ensure isJWT returns false for 2 part invalid JWT tokens Previously, the isJWT function would return true for 2 part invalid JWT tokens. This has been fixed by updating the isJWT function to return false for such tokens.
There was a problem hiding this comment.
https://jwt.io/introduction does indeed mention that a JWT consists of 3 parts split by a dot so this does seem like a correct change to me. Could you add new tests that mark a two-part JWT as invalid?
|
Thank you for your review and feedback on my pull request. I have made the necessary changes to address the issue and will be adding new tests to ensure that the code works as expected. Thank you again for your help! |
Added test case for validating JSON web tokens (JWT)
Removed trailing spaces
|
Hi WikiRiki, I have added test cases for the isJWT validation. Could you please review the changes and let me know if there's anything else that needs to be done? |
|
There are already some tests, could you change them here? validator.js/test/validators.test.js Lines 4669 to 4691 in 9ba1735 |
Refactor tests in isjwt and remove redundant test case
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #2217 +/- ##
=======================================
Coverage 99.95% 99.95%
=======================================
Files 107 107
Lines 2405 2405
Branches 604 604
=======================================
Hits 2404 2404
Partials 1 1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
|
Hello WikiRiki, |
test/validators.test.js
Outdated
| '$Zs.ewu.su84', | ||
| 'ks64$S/9.dy$§kz.3sd73b', | ||
| 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ', |
There was a problem hiding this comment.
I think this one is redundant, the first one test you added is already 2 parts
There was a problem hiding this comment.
You are right
Removed redundant test in isJWT
|
Now all seems to be good. Is there anything else that needs to be done? please let me know |
|
@profnandaa could you kindly take a look here and merge this? Thanks! |
| @@ -7,7 +7,7 @@ export default function isJWT(str) { | |||
| const dotSplit = str.split('.'); | |||
| const len = dotSplit.length; | |||
|
|
|||
| if (len > 3 || len < 2) { | |||
| if (len !== 3) { | |||
There was a problem hiding this comment.
consider adding reference link eg. https://jwt.io/introduction
There was a problem hiding this comment.
Thanks Chrislemus! for your valuable feedback.
There was a problem hiding this comment.
I suggest adding a reference link for posterity (eg. https://jwt.io/introduction). Otherwise LGTM!
This PR fixes the validation issue in the isJWT function where it was returning true for a 2-part invalid JWT token. The fix is to check for len < 3 instead of len < 2 in the code.
Changes Made:
Updated the validation check for len < 3 in isJWT function
Testing:
Ran unit tests for the isJWT function and verified that it now returns false for 2-part invalid JWT tokens.