Force skip validation option (#32)

* feat(force): add force option to skip token validation * fix(validation): verify token is provided and fix typ error message * Update readme
lmammino · Nov 7, 2023 · 40ccbb2 · 40ccbb2
1 parent 604af56
commit 40ccbb2
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -26,7 +26,7 @@ npm install --global jwt-cracker
 From command line:
 
 ```bash
-jwt-cracker -t <token> [-a <alphabet>] [--max <maxLength>] [-d <dictionaryFilePath>]
+jwt-cracker -t <token> [-a <alphabet>] [--max <maxLength>] [-d <dictionaryFilePath>] [-f]
 ```
 
 Where:
@@ -35,6 +35,7 @@ Where:
 * **alphabet**: the alphabet to use for the brute force (default: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
 * **maxLength**: the max length of the string generated during the brute force (default: 12)
 * **dictionaryFilePath**: path to a list of passwords (one per line) to use instead of brute force
+* **force**: force script to execute when the token isn't valid
 
 ## Requirements
 

diff --git a/__tests__/jwtValidator.test.js b/__tests__/jwtValidator.test.js
@@ -11,6 +11,7 @@ describe('JWTValidator', () => {
   const invalidHeaderToken = 'eyJhJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpqd3QtY3JhY2tlciJ9.c5ZqtVGS-Jc6WUJsaRBVzfpUOcMFLu0lo0fd2FwDnJE'
   const nonJwtTypToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6Ik5vdC1Kd3QifQ.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpqd3QtY3JhY2tlciJ9.8SmsCZptHRoDeGclg5Tl_N5-tSJF24BBPYa_YKp8b4g'
   const validButUnsupportedRS256Token = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJSUzI1NmluT1RBIiwibmFtZSI6IkpvaG4gRG9lIn0.ICV6gy7CDKPHMGJxV80nDZ7Vxe0ciqyzXD_Hr4mTDrdTyi6fNleYAyhEZq2J29HSI5bhWnJyOBzg2bssBUKMYlC2Sr8WFUas5MAKIr2Uh_tZHDsrCxggQuaHpF4aGCFZ1Qc0rrDXvKLuk1Kzrfw1bQbqH6xTmg2kWQuSGuTlbTbDhyhRfu1WDs-Ju9XnZV-FBRgHJDdTARq1b4kuONgBP430wJmJ6s9yl3POkHIdgV-Bwlo6aZluophoo5XWPEHQIpCCgDm3-kTN_uIZMOHs2KRdb6Px-VN19A5BYDXlUBFOo-GvkCBZCgmGGTlHF_cWlDnoA9XTWWcIYNyUI4PXNw'
+  const emptyToken = ''
 
   describe('validateToken', () => {
     test('should return true for a valid HS256 JWT token', () => {
@@ -62,6 +63,11 @@ describe('JWTValidator', () => {
       const result = JWTValidator.validateGeneralJwtFormat(invalidFormatEmptyPartsToken)
       expect(result).toBe(false)
     })
+
+    test('should return false if no token is provided', () => {
+      const result = JWTValidator.validateGeneralJwtFormat(emptyToken)
+      expect(result).toBe(false)
+    })
   })
 
   describe('validateHmacAlgorithmHeader', () => {

diff --git a/argsParser.js b/argsParser.js
@@ -6,7 +6,7 @@ export default class ArgsParser {
   constructor () {
     this.args = yargs(hideBin(process.argv))
       .usage(
-        'Usage: jwt-cracker -t <token> [-a <alphabet>] [--max <maxLength>] [-d <dictionaryFile>]'
+        'Usage: jwt-cracker -t <token> [-a <alphabet>] [--max <maxLength>] [-d <dictionaryFile>] [-f]'
       )
       .option('t', {
         alias: 'token',
@@ -29,6 +29,11 @@ export default class ArgsParser {
         type: 'string',
         describe: 'Password file to use instead of the brute force'
       })
+      .option('f', {
+        alias: 'force',
+        type: 'boolean',
+        describe: 'Skip token validation'
+      })
       .help()
       .wrap(yargs.terminalWidth)
       .alias('h', 'help').argv
@@ -46,6 +51,10 @@ export default class ArgsParser {
     return this.args.max
   }
 
+  get force () {
+    return this.args.force
+  }
+
   get dictionaryFilePath () {
     return this.args.dictionary
   }

diff --git a/index.js b/index.js
@@ -19,12 +19,13 @@ const {
   token,
   alphabet,
   maxLength,
-  dictionaryFilePath
+  dictionaryFilePath,
+  force
 } = new ArgsParser()
 
 const { isTokenValid, algorithm } = JWTValidator.validateToken(token)
 
-if (!isTokenValid) {
+if (!isTokenValid && (!force || !token.length)) {
   process.exit(Constants.EXIT_CODE_FAILURE)
 }
 

diff --git a/jwtValidator.js b/jwtValidator.js
@@ -25,6 +25,11 @@ export default class JWTValidator {
   }
 
   static validateGeneralJwtFormat (token) {
+    if (token.length === 0) {
+      console.log('Missing token')
+      return false
+    }
+
     const parts = token.split('.')
 
     if (parts.length !== 3) {
@@ -48,7 +53,7 @@ export default class JWTValidator {
     }
 
     if (decodedHeader.typ !== 'JWT') {
-      console.log(`Unsupported Typ: ${decodedHeader.alg}`)
+      console.log(`Unsupported Typ: ${decodedHeader.typ}`)
       return false
     }