[OGUI-1889] Improve errors returned from O2JsonWebToken and bump the library's version

Framework/Backend/http/server.js

@@ -303,7 +303,7 @@
    * Adds POST route using express router, the path will be prefix with "/api"
    * By default verifies JWT token unless public options is provided
    * @param {string} path         - path that the callback will be bound to
    * @param {function} callbacks   - method that handles request and response: function(req, res);
    *                                token should be passed as req.query.token;
    *                                more on req: https://expressjs.com/en/api.html#req
    *                                more on res: https://expressjs.com/en/api.html#res
@@ -318,7 +318,7 @@
    * Adds PUT route using express router, the path will be prefix with "/api"
    * By default verifies JWT token unless public options is provided
    * @param {string} path         - path that the callback will be bound to
    * @param {function} callbacks   - method that handles request and response: function(req, res);
    *                                token should be passed as req.query.token;
    *                                more on req: https://expressjs.com/en/api.html#req
    *                                more on res: https://expressjs.com/en/api.html#res
@@ -333,7 +333,7 @@
    * Adds PATCH route using express router, the path will be prefix with "/api"
    * By default verifies JWT token unless public options is provided
    * @param {string} path         - path that the callback will be bound to
    * @param {function} callbacks   - method that handles request and response: function(req, res);
    *                                token should be passed as req.query.token;
    *                                more on req: https://expressjs.com/en/api.html#req
    *                                more on res: https://expressjs.com/en/api.html#res
@@ -348,7 +348,7 @@
    * Adds DELETE route using express router, the path will be prefix with "/api"
    * By default verifies JWT token unless public options is provided
    * @param {string} path         - path that the callback will be bound to
    * @param {function} callbacks   - method that handles request and response: function(req, res);
    *                                token should be passed as req.query.token;
    *                                more on req: https://expressjs.com/en/api.html#req
    *                                more on res: https://expressjs.com/en/api.html#res
@@ -508,7 +508,7 @@
    * @todo use promises or generators to call it asynchronously!
    * @param {object} req - HTTP request
    * @param {object} res - HTTP response
    * @param {function} next - passes control to next matching route
    */
   jwtVerify(req, res, next) {
     try {
@@ -516,19 +516,10 @@
     } catch ({ name, message }) {
       this.logger.errorMessage(`${name} : ${message}`);
 
-      const response = { error: '403 - Json Web Token Error' };
-
-      // Allow for a custom message for known error messages
-      switch (message) {
-        case 'jwt must be provided':
-          response.message = 'You must provide a JWT token';
-          break;
-        default:
-          response.message = 'Invalid JWT token provided';
-          break;
-      }
-
-      res.status(403).json(response);
+      res.status(403).json({
+        error: '403 - Json Web Token Error',
+        message,
+      });
       return;
     }
 

Framework/Backend/services/O2TokenService.js

@@ -56,7 +56,21 @@ class O2TokenService {
    * @throws {Error} - if token, secret or issuer are invalid
    */
   verify(token) {
-    return jwt.verify(token, this._secret, { issuer: this._issuer });
+    try {
+      return jwt.verify(token, this._secret, { issuer: this._issuer });
+    } catch (error) {
+      switch (error.name) {
+        case 'TokenExpiredError':
+          error.message = `Token expired at ${error.expiredAt}`;
+          break;
+        case 'JsonWebTokenError':
+          error.message = `Invalid token: ${error.message}`;
+          break;
+        default:
+          error.message = `Token verification failed: ${error.message}`;
+      }
+      throw new jwt.JsonWebTokenError(error.message);
+    }
   }
 }
 

Framework/Backend/test/mocha-http.js

@@ -139,7 +139,7 @@ describe('REST API', () => {
       .expect('Content-Type', /json/)
       .expect(403, {
         error: '403 - Json Web Token Error',
-        message: 'Invalid JWT token provided',
+        message: 'Invalid token: jwt malformed',
       }, done);
   });
 
@@ -149,7 +149,7 @@ describe('REST API', () => {
       .expect('Content-Type', /json/)
       .expect(403, {
         error: '403 - Json Web Token Error',
-        message: 'You must provide a JWT token',
+        message: 'Invalid token: jwt must be provided',
       }, done);
   });
 

Framework/Backend/test/mocha-o2web-token.js

@@ -80,7 +80,7 @@ describe('JSON Web Token', () => {
       const o2Token = new O2TokenService(jwt);
       const token = o2Token.generateToken(101, 'alice', 'Alice O2');
       o2Token._secret = 'changed';
-      assert.throws(() => o2Token.verify(token), new JsonWebTokenError('invalid signature'));
+      assert.throws(() => o2Token.verify(token), new JsonWebTokenError('Invalid token: invalid signature'));
     });
   });
 });

Framework/package.json

@@ -33,7 +33,7 @@
   "dependencies": {
     "express": "^4.22.1",
     "helmet": "^8.1.0",
-    "jsonwebtoken": "^9.0.0",
+    "jsonwebtoken": "9.0.3",
     "kafkajs": "^2.2.0",
     "mithril": "1.1.7",
     "mysql": "^2.18.1",