diff --git a/backend/tests/auth-jwt.test.ts b/backend/tests/auth-jwt.test.ts
index 7e27d90..eea6311 100644
--- a/backend/tests/auth-jwt.test.ts
+++ b/backend/tests/auth-jwt.test.ts
@@ -43,7 +43,10 @@ describe('JWT helpers', () => {
 const now = Math.floor(Date.now() / 1000);
 const token = signJwt({ sub: 'GTESTPUBLICKEY123', iat: now, exp: now + 3600 });
 const parts = token.split('.') as [string, string, string];
- parts[2] = parts[2].slice(0, -1) + (parts[2].slice(-1) === 'A' ? 'B' : 'A');
+
+ const i = Math.floor(parts[2].length / 2); // tamper a middle char, not the last
+ const c = parts[2][i];
+ parts[2] = parts[2].slice(0, i) + (c === 'A' ? 'B' : 'A') + parts[2].slice(i + 1);
 expect(verifyJwt(parts.join('.'))).toBeNull();
 });
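Review bot: The comment on the `const i` line says where the tamper happens but not why, and the reason is the security-relevant part. I would write it as `// Flip a middle char: the final base64url char of a signature can carry unused low bits, so an 'A'/'B' swap there may decode to the same bytes.` That also implies something about `verifyJwt`, which is not visible in this hunk. If it decodes the signature before comparing, more than one token string can verify as the same valid token, so anything that keys on the raw token text (a revocation list, a cache) should be checked against that. The enclosing `it(...)` block starts outside the hunk, so I cannot see whether the test name still matches what is being tampered.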