rspec/rules/S5659/javascript/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

https://www.npmjs.com/package/jsonwebtoken[jsonwebtoken] library:
----
const jwt = require('jsonwebtoken');

let token = jwt.sign({ foo: 'bar' }, key, { algorithm: 'none' }); // Noncompliant: JWT should include a signature

jwt.verify(token, key, { expiresIn: 360000 * 5, algorithms: ['RS256', 'none'] }, callbackcheck); // Noncompliant: none algorithm should not be used when verifying JWT signature
----

== Compliant Solution

https://www.npmjs.com/package/jsonwebtoken[jsonwebtoken] library:
----
const jwt = require('jsonwebtoken');

let token = jwt.sign({ foo: 'bar' }, key, { algorithm: 'HS256' }); // Compliant

jwt.verify(token, key, { expiresIn: 360000 * 5, algorithms: ['HS256'] }, callbackcheck); // Compliant
----

include::../see.adoc[]