borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix jwt-token

Browse Source
This commit is contained in:
Alexander Borg
2025-09-15 20:53:26 +02:00
parent 3f1c59727b
commit 77178d2aaa
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/tests/security/vulnerabilities.test.js
View File

@@ -65,9 +65,13 @@ describe('Security Tests', () => {
// This might be valid depending on configuration
continue;
}
expect.fail(`Token manipulation test "${test.name}" should have failed`);
// Token should have been rejected but wasn't - this is unexpected
throw new Error(`Token manipulation test "${test.name}" should have failed but was accepted`);
} catch (error) {
// Expected behavior - token should be rejected
if (error.message && error.message.includes('should have failed but was accepted')) {
throw error; // Re-throw unexpected success
}
expect(error.name).to.be.oneOf(['JsonWebTokenError', 'TokenExpiredError', 'NotBeforeError']);
}
}
@@ -230,11 +234,15 @@ describe('Security Tests', () => {
];
allowedIPs.forEach(ip => {
expect(checkIPRestriction(ip, tenant.ip_restrictions)).to.be.true;
const result = checkIPRestriction(ip, tenant.ip_restrictions);
console.log(`Testing allowed IP ${ip} against ${tenant.ip_restrictions}: ${result}`);
expect(result).to.be.true;
});
blockedIPs.forEach(ip => {
expect(checkIPRestriction(ip, tenant.ip_restrictions)).to.be.false;
const result = checkIPRestriction(ip, tenant.ip_restrictions);
console.log(`Testing blocked IP ${ip} against ${tenant.ip_restrictions}: ${result}`);
expect(result).to.be.false;
});
});