
I'm using the Mailgun node machine-pack to send an email with a url that has a JWT created using machinepack-jwt in it. When the user clicks "confirm" in the generated email it hits my Sails controller method where I want to decode the JWT.

I keep getting an object with properties that have empty strings as their value.

For reference: I'm using node-machine machinepack-jwt to do the encoding and decoding. I tried to tag the question as such but this tag isn't in the available tags and I don't have the required 1500 rep points.

My sails controller:

 module.exports = {
   //Encode method
   signup: function (req, res){
     if (!req.param('serviceManager')) {
       res.badRequest('Missing required parameter!');
     } else {
       var Mailgun = require('machinepack-mailgun');
       var JWT = require('machinepack-jwt');
       var newUser = req.param('serviceManager');
       JWT.encode({
         secret: 'my_secret',
         algorithm: 'my_algo',
         expires: 2880, //in minutes(two days)
         payload: newUser.email + ':' + newUser.password
       }).exec({
         error: function (err){
           console.log(err);
         },
         success : function (authToken){
           Mailgun.sendHtmlEmail({ /* my Mailgun send with template that has authToken in it */ });
         }
       });
     }
   },

    //Decode method
    confirm_email: function (req, res){
      if (!req.params[0]) {
        res.badRequest('Missing required parameter!');
     } else {
       var JWT = require('machinepack-jwt');
       var authToken = req.params[0];
       console.log(authToken);
       JWT.decode({
         secret: 'my_secret',
         token: authToken,
         algorithm: 'my_algo'
       }).exec({
         error: function (err) {
           res.send(err);
         },
         success: function (decodedToken) {
           res.view('emailconfirmed');
           console.log(decodedToken);// returns { id: '', email: '', role: '', sessionId: '' }
         }
       });
     }
   }
 };

What I'm expecting is the user's email and password which I've encoded in the sent JWT.

Brad W
  • I know this is an old post but `jsonwebtoken` is pretty sweet: https://www.npmjs.com/package/jsonwebtoken. It lets you `.sign()` to encode and `.verify()` to decode. https://jwt.io – twknab Feb 18 '17 at 02:48

1 Answer

Are you showing code with fake data? I'm asking because the algorithm parameter in JWT has the incorrect value 'my_algo'. You can use only a few algorithms - HS256, HS384, HS512 and RS256.

And next you should use this code like this:

JWT.encode({
         secret: 'my_secret',
         algorithm: 'HS256',
         expires: 2880, //in minutes(two days)
         payload: newUser
       }).exec({ /* error and success callbacks */ });

 JWT.decode({
         secret: 'my_secret',
         token: authToken,
         algorithm: 'HS256',
         schema:'email, password' // set here properties from payload object
       }).exec({ /* error and success callbacks */ });

In this library you should use schema param to set schema for your data - http://node-machine.org/machinepack-jwt/decode

//-----

var express = require('express');
var path = require('path');
var bodyParser = require('body-parser');

var app = express();

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public')));

app.get('/', function (req, res) {
  var JWT = require('machinepack-jwt');
       var newUser ={
         username:'username',
         password:'pass'
       }

       JWT.encode({
         secret: 'my_secret',
         algorithm: 'HS256',
         expires: 2880, //in minutes(two days)
         payload: newUser
       }).exec({
         error: function (err){
           console.log(err);
         },
         success : function (authToken){
           JWT.decode({
                   secret: 'my_secret',
                   token: authToken,
                   algorithm: 'HS256',
                   schema:'username,password'
                 }).exec({
                   error: function (err) {
                     res.send(err);
                   },
                   success: function (decodedToken) {
                     res.send(decodedToken);
                   }
                 });
         }
       });
});
app.listen(3000);

module.exports = app;
Bartosz Czerwonka
  • I think there is an issue with the `decode()` method of the library I linked to above. I was able to decode using the `jwt.verify()` method of [this](https://github.com/auth0/node-jsonwebtoken) node module that machinepack-jwt is dependent on. And yes I used fake data in my example. My algorithm is valid. I think it may be an issue with the order the parameters were loaded. When I get time I'll figure it out and do a pull request and post the solution here. – Brad W Oct 10 '15 at 11:19
  • I wrote some tests for this, and when I use the schema param and set properties from the payload object, it works. – Bartosz Czerwonka Oct 10 '15 at 11:22
  • The tests were as you had posted above? Because I also tried with a schema parameter. Its value also came back as an empty string. – Brad W Oct 10 '15 at 11:35
  • So the main difference I see is that you're calling the decode method within the success callback of the encode method. I was using these in separate named functions. Otherwise this is the exact code I was using. – Brad W Oct 10 '15 at 11:57
  • That and I passed a string to payload in the encode. An email address. And one parameter to Schema. – Brad W Oct 10 '15 at 12:02
  • The main difference is that I passed an object in payload and set schema (all properties from the object that I was passing). – Bartosz Czerwonka Oct 10 '15 at 12:07
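
An added example, not part of the answer or of machinepack-jwt: the sign/verify flow discussed in this thread, written against Node's built-in `crypto` so it runs without either JWT package. It keeps encoding and decoding in separate functions, pins HS256, passes an object payload, and shows that the payload segment can be read without the secret, which is why the constructed token carries only the email and not the password. `SECRET`, `signToken`, `verifyToken` and `peekPayload` are names made up for this example.

```javascript
// Added example: HS256 JWT sign/verify using only Node's built-in crypto.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice

const b64url = (input) => Buffer.from(input).toString('base64url');

function hmac(signingInput, secret) {
  return crypto.createHmac('sha256', secret).update(signingInput).digest();
}

// Sign an object payload; expiry is given in minutes, as in the question.
function signToken(payload, secret, expiresMinutes, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + expiresMinutes * 60;
  const body = b64url(JSON.stringify({ ...payload, exp }));
  const sig = hmac(`${header}.${body}`, secret).toString('base64url');
  return `${header}.${body}.${sig}`;
}

// Verify in a separate function: pin the algorithm, check the MAC, then expiry.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
  if (alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) {
    throw new Error('token expired');
  }
  return claims;
}

// Reads the claims WITHOUT the secret: the payload is encoded, not encrypted.
function peekPayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
}

// Constructed sample: the confirmation link carries the email only, never the password.
const token = signToken({ email: 'user@example.com' }, SECRET, 2880);
console.log(verifyToken(token, SECRET).email);
console.log(peekPayload(token).email);
```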