When decoding, if JWT payload is not valid it returns null

dschenkelman · dschenkelman · commit b92fca9a57aa · 2015-06-02T00:06:16.000-03:00
diff --git a/lib/verify-stream.js b/lib/verify-stream.js
@@ -67,8 +67,13 @@ function jwsDecode(jwsSig, opts) {
     return null;
 
   var payload = payloadFromJWS(jwsSig);
-  if (header.typ === 'JWT' || opts.json)
-    payload = JSON.parse(payload, opts.encoding);
+  if (header.typ === 'JWT' || opts.json){
+    try {
+      payload = JSON.parse(payload, opts.encoding);
+    } catch (e) {
+      return null;
+    }
+  }
 
   return {
     header: header,
diff --git a/test/jws.test.js b/test/jws.test.js
@@ -222,6 +222,7 @@ test('Streaming verify: ECDSA, with invalid key', function (t) {
 test('jws.decode: not a jws signature', function (t) {
   t.same(jws.decode('some garbage string'), null);
   t.same(jws.decode('http://sub.domain.org'), null);
+  t.same(jws.decode('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e3.t-IDcSemACt8x4iTMCda8Yhe3iZaWbvV5XKSTbuAn0M'), null);
   t.end();
 });
 
