fix(sign): prevent double callback when payload already has a property

Author: maishivamhoo123

sign.js

@@ -214,15 +214,15 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
  }
  }
 
- Object.keys(options_to_payload).forEach(function (key) {
+ for (const key of Object.keys(options_to_payload)) {
  const claim = options_to_payload[key];
  if (typeof options[key] !== 'undefined') {
  if (typeof payload[claim] !== 'undefined') {
  return failure(new Error('Bad "options.' + key + '" option. The payload already has an "' + claim + '" property.'));
  }
  payload[claim] = options[key];
  }
- });
+ };
 
  const encoding = options.encoding || 'utf8';
 

test/callback-issue.test.js

@@ -0,0 +1,24 @@
+const assert = require('assert');
+const jwt = require('../index.js');
+
+describe('Fix: jwt.sign callback should not be called twice', function () {
+ it('should call callback only once when payload.iss conflicts with options.issuer', function (done) {
+ let callbackCount = 0;
+
+ jwt.sign(
+ { iss: 'bar', iat: 1757476476 },
+ 'secret',
+ { algorithm: 'HS256', issuer: 'foo' },
+ (err) => {
+ callbackCount++;
+ assert.ok(err, 'Expected an error due to issuer conflict');
+ assert.strictEqual(
+ err.message,
+ 'Bad "options.issuer" option. The payload already has an "iss" property.'
+ );
+ assert.strictEqual(callbackCount, 1, 'Callback was called more than once');
+ done();
+ }
+ );
+ });
+});