diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b12bd3..9a96ac0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # CHANGELOG +## 2.3.1 (26.02.2024) +~ Bump the version of jwt-decode + ## 2.3.0 (15.01.2024) - Do not add the full content of `context.bindingData` to `customDimensions` for app insights logging anymore as it contains i.e. the request body. + Add `AppInsightForHttpTrigger.finalizeWithConfig` which allows you to configure when the request and response body should be logged and allows you to use a body sanitizer to remove sensitive data. diff --git a/package-lock.json b/package-lock.json index c51ec60..13798db 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@azure/functions": "^3.0.0", "@types/node": "^20.8.10", "axios": "^1.1.3", - "jwt-decode": "^3.1.2" + "jwt-decode": "^4.0.0" }, "devDependencies": { "@trivago/prettier-plugin-sort-imports": "^4.2.0", @@ -4260,8 +4260,12 @@ } }, "node_modules/jwt-decode": { - "version": "3.1.2", - "license": "MIT" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz", + "integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==", + "engines": { + "node": ">=18" + } }, "node_modules/kleur": { "version": "3.0.3", diff --git a/package.json b/package.json index 8f69ae5..058c03e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@senacor/azure-function-middleware", - "version": "2.3.0", + "version": "2.3.1", "description": "Middleware for azure functions to handle authentication, authorization, error handling and logging", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -42,7 +42,7 @@ "@azure/functions": "^3.0.0", "@types/node": "^20.8.10", "axios": "^1.1.3", - "jwt-decode": "^3.1.2" + "jwt-decode": "^4.0.0" }, "peerDependencies": { "applicationinsights": "^2.5.0", diff --git a/src/jwtAuthorization.test.ts b/src/jwtAuthorization.test.ts index 0c0ebd3..35fd997 100644 
--- a/src/jwtAuthorization.test.ts +++ b/src/jwtAuthorization.test.ts @@ -18,7 +18,7 @@ describe('The authorization middleware should', () => { test('successfully validate the passed authorization token', async () => { requestMock.headers.authorization = 'Bearer token'; - jwtMock.default.mockReturnValue('JWT-TEST'); + jwtMock.jwtDecode.mockReturnValue('JWT-TEST'); await sut([ { @@ -45,7 +45,7 @@ describe('The authorization middleware should', () => { ), ).rejects.toEqual(new ApplicationError('Authorization error', 401)); - expect(jwtMock.default).not.toBeCalled(); + expect(jwtMock.jwtDecode).not.toBeCalled(); }); test('fail caused by a incorrectly formatted authorization header', async () => { @@ -60,12 +60,12 @@ describe('The authorization middleware should', () => { ), ).rejects.toEqual(new ApplicationError('Authorization error', 401)); - expect(jwtMock.default).not.toBeCalled(); + expect(jwtMock.jwtDecode).not.toBeCalled(); }); test('fail caused by second rule failing and therefore chaining failed', async () => { requestMock.headers.authorization = 'Bearer token'; - jwtMock.default.mockReturnValue('JWT-TEST'); + jwtMock.jwtDecode.mockReturnValue('JWT-TEST'); await expect( sut([ diff --git a/src/jwtAuthorization.ts b/src/jwtAuthorization.ts index 80b09fc..b135eb2 100644 --- a/src/jwtAuthorization.ts +++ b/src/jwtAuthorization.ts @@ -1,5 +1,5 @@ import { AzureFunction, Context, ContextBindingData, HttpRequest } from '@azure/functions'; -import jwtDecode from 'jwt-decode'; +import { jwtDecode } from 'jwt-decode'; import { ApplicationError } from './error';
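Review bot: None of the four updated hunks in `src/jwtAuthorization.test.ts` covers the case where `jwtDecode` itself throws; the visible tests either stub a successful return (`jwtMock.jwtDecode.mockReturnValue('JWT-TEST')`) or assert that the decoder is never called. jwt-decode raises `InvalidTokenError` for a malformed token, and a major-version upgrade is a good moment to pin how the middleware reacts to that. If a 401 is the intended outcome, a case using `jwtMock.jwtDecode.mockImplementation(() => { throw new Error('Invalid token'); });` with the existing `.rejects.toEqual(new ApplicationError('Authorization error', 401))` assertion would cover it. The rest of the test file lies outside these hunks, so such a case may already exist.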
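Review bot: The changed import in `src/jwtAuthorization.ts` has no comment stating that `jwtDecode` only base64url-decodes the token and does not verify its signature, expiry or issuer. Because this module is the authorization middleware, the claims it reads are trustworthy only if the token was validated before the middleware runs; the code that consumes the decoded payload is outside this hunk, so that cannot be confirmed from here. I would add above the import: `// jwtDecode does NOT verify the signature; claims are trusted only because the token is validated upstream of this middleware.` If no such upstream validation exists, signature verification needs to happen before any rule is evaluated against the decoded payload.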