From cdb02ebd8d38fb34406505a8369e23eea32f6059 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Hal=C3=A1sz?= <18699247+peetya@users.noreply.github.com>
Date: Mon, 19 Jun 2023 16:00:36 +0200
Subject: [PATCH 1/2] fix: replaced - and _ characters in jwt
---
 src/core/jwt/jwtToken.js | 6 +++++-
 test/core/jwt/jwtToken/test.js | 8 ++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/core/jwt/jwtToken.js b/src/core/jwt/jwtToken.js
index 36d258a8..f9b77dcc 100644
--- a/src/core/jwt/jwtToken.js
+++ b/src/core/jwt/jwtToken.js
@@ -30,7 +30,11 @@
 */
 export function parseJwtPayload(token) {
 try {
- return JSON.parse(atob(token.split('.')[1]));
+ let base64Payload = token.split('.')[1];
+ base64Payload = base64Payload.replace(/-/g, '+'); // replace - with +
+ base64Payload = base64Payload.replace(/_/g, '/'); // replace _ with /
+
+ return JSON.parse(atob(base64Payload));
 } catch (e) {
 return null;
 }
diff --git a/test/core/jwt/jwtToken/test.js b/test/core/jwt/jwtToken/test.js
index 3c34352d..963b1b07 100644
--- a/test/core/jwt/jwtToken/test.js
+++ b/test/core/jwt/jwtToken/test.js
@@ -48,6 +48,14 @@ define(['core/jwt/jwtToken'], jwtToken => {
 assert.equal(parseJwtPayload(), null, 'missing token returns null');
 });
+ QUnit.test('parses payload object from full token with unsupported characters', assert => {
+ assert.expect(2);
+ const token = 'eyJhbGciOiJIUzI1NiJ9.eyJmb28iOiI_In0.qXbg9lEnmvDekuDfNqiAdqYb3Yx1iTLw7RyUGoz5I9w';
+ const result = parseJwtPayload(token);
+ assert.ok(typeof result === 'object', 'parsed payload is an object');
+ assert.equal(result.foo, '?');
+ });
+
 QUnit.module('getJwtTTL');
 const time1 = 1620651921250;
From e0577fadfc69256654ab6c99043bcd3ee4248adf Mon Sep 17 00:00:00 2001
From: jsconan
Date: Tue, 20 Jun 2023 08:34:47 +0200
Subject: [PATCH 2/2] chore: bump version
---
 package-lock.json | 2 +-
 package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
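Review bot: Claims containing non-ASCII text will still come back garbled from `parseJwtPayload`, because `atob(base64Payload)` yields one character per byte and that string is passed straight to `JSON.parse` without UTF-8 decoding. Decoding the bytes first would fix it: `const bytes = Uint8Array.from(atob(base64Payload), c => c.charCodeAt(0));` followed by `return JSON.parse(new TextDecoder().decode(bytes));`, assuming `TextDecoder` is available in the supported browsers. The visible body also never checks the signature segment, so the docblock (which starts outside this hunk) should state that the returned claims are unverified and must not drive authorization decisions. The function's closing brace is outside the hunk.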
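Review bot: The new test exercises only the `_` to `/` replacement; the token's payload segment `eyJmb28iOiI_In0` contains no `-`, so the `-` to `+` replacement added in `parseJwtPayload` is untested. A second case whose payload segment contains `-` would cover it, for instance the constructed sample `eyJmb28iOiI-In0` (decodes to `{"foo":">"}`) checked with `assert.equal(result.foo, '>');`. `typeof result === 'object'` is also true for `null`, the function's failure value, so `assert.ok(result !== null && typeof result === 'object', 'parsed payload is an object');` would be a tighter check. The enclosing `define` callback starts and ends outside the hunk.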
diff --git a/package-lock.json b/package-lock.json
index c4c19295..6508ec58 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "@oat-sa/tao-core-sdk",
- "version": "2.0.1",
+ "version": "2.0.2",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index 2f493f83..9aab79d6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@oat-sa/tao-core-sdk",
- "version": "2.0.1",
+ "version": "2.0.2",
 "displayName": "TAO Core SDK",
 "description": "Core libraries of TAO",
 "homepage": "https://github.com/oat-sa/tao-core-sdk-fe#readme",