Avoid uncaught "SyntaxError: Unexpected token ͧ" error.

When .verify() a corrupted JWS (e.g.: malicious user add extra characters in the middle of token) an error is thrown: `` [ERROR] console - SyntaxError: Unexpected token ͧ at Object.parse (native) at Object.jwsDecode [as decode] (/www/socketio-jwt/node_modules/jsonwebtoken/node_modules/jws/lib/verify-stream.js:71:20) at Object.module.exports.verify (/www/socketio-jwt/node_modules/jsonwebtoken/index.js:120:26)` ``
auth0 · May 7, 2015 · 0dc59cd · 0dc59cd
1 parent 881d07f
commit 0dc59cd
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/index.js b/index.js
@@ -117,7 +117,12 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
 
   }
 
-  var decodedToken = jws.decode(jwtString);
+  var decodedToken;
+  try {
+    decodedToken = jws.decode(jwtString);
+  } catch(err) {
+    return done(new JsonWebTokenError('invalid token'));
+  }
 
   if (!decodedToken) {
     return done(new JsonWebTokenError('invalid token'));