From c12fd4cbddfea19fb3f7efc0be9b5ef02d23f2ce Mon Sep 17 00:00:00 2001 From: "Ikenga Ifeanyi .M." Date: Fri, 3 Jul 2026 11:55:07 +0100 Subject: [PATCH 1/3] Fixed Issue --- backend/tests/auth-jwt.test.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/backend/tests/auth-jwt.test.ts b/backend/tests/auth-jwt.test.ts index 7e27d900..4b75d137 100644 --- a/backend/tests/auth-jwt.test.ts +++ b/backend/tests/auth-jwt.test.ts @@ -39,11 +39,15 @@ describe('JWT helpers', () => { expect(verifyJwt(parts.join('.'))).toBeNull(); }); + it('returns null for a tampered signature', async () => { const now = Math.floor(Date.now() / 1000); const token = signJwt({ sub: 'GTESTPUBLICKEY123', iat: now, exp: now + 3600 }); const parts = token.split('.') as [string, string, string]; - parts[2] = parts[2].slice(0, -1) + (parts[2].slice(-1) === 'A' ? 'B' : 'A'); + + const i = Math.floor(parts[2].length / 2); // tamper a middle char, not the last + const c = parts[2][i]; + parts[2] = parts[2].slice(0, i) + (c === 'A' ? 'B' : 'A') + parts[2].slice(i + 1); expect(verifyJwt(parts.join('.'))).toBeNull(); }); From 50318ef29edeb33a6fee2cc48b8133930b7f6067 Mon Sep 17 00:00:00 2001 From: "Ikenga Ifeanyi .M." Date: Fri, 3 Jul 2026 11:56:34 +0100 Subject: [PATCH 2/3] Fixed Issue --- backend/tests/auth-jwt.test.ts | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/backend/tests/auth-jwt.test.ts b/backend/tests/auth-jwt.test.ts index 4b75d137..7e27d900 100644 --- a/backend/tests/auth-jwt.test.ts +++ b/backend/tests/auth-jwt.test.ts @@ -39,15 +39,11 @@ describe('JWT helpers', () => { expect(verifyJwt(parts.join('.'))).toBeNull(); }); - it('returns null for a tampered signature', async () => { const now = Math.floor(Date.now() / 1000); const token = signJwt({ sub: 'GTESTPUBLICKEY123', iat: now, exp: now + 3600 }); const parts = token.split('.') as [string, string, string]; - - const i = Math.floor(parts[2].length / 2); // tamper a middle char, not the last - const c = parts[2][i]; - parts[2] = parts[2].slice(0, i) + (c === 'A' ? 'B' : 'A') + parts[2].slice(i + 1); + parts[2] = parts[2].slice(0, -1) + (parts[2].slice(-1) === 'A' ? 'B' : 'A'); expect(verifyJwt(parts.join('.'))).toBeNull(); }); From 6307f83873ba58fe6679e8c8a24a133faab53e1a Mon Sep 17 00:00:00 2001 From: "Ikenga Ifeanyi .M." Date: Fri, 3 Jul 2026 11:58:06 +0100 Subject: [PATCH 3/3] Fixed Issue --- backend/tests/auth-jwt.test.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/backend/tests/auth-jwt.test.ts b/backend/tests/auth-jwt.test.ts index 7e27d900..eea63116 100644 --- a/backend/tests/auth-jwt.test.ts +++ b/backend/tests/auth-jwt.test.ts @@ -43,7 +43,10 @@ describe('JWT helpers', () => { const now = Math.floor(Date.now() / 1000); const token = signJwt({ sub: 'GTESTPUBLICKEY123', iat: now, exp: now + 3600 }); const parts = token.split('.') as [string, string, string]; - parts[2] = parts[2].slice(0, -1) + (parts[2].slice(-1) === 'A' ? 'B' : 'A'); + + const i = Math.floor(parts[2].length / 2); // tamper a middle char, not the last + const c = parts[2][i]; + parts[2] = parts[2].slice(0, i) + (c === 'A' ? 'B' : 'A') + parts[2].slice(i + 1); expect(verifyJwt(parts.join('.'))).toBeNull(); });