README updated, test for wrong key verification added

tsmx · tsmx · commit 15e2e66c73d7 · 2021-05-22T21:56:29.000+02:00
diff --git a/README.md b/README.md
@@ -94,6 +94,7 @@ The verification would fail and return `false`, if...
 - `obj` doesn't provide a HMAC to check against
 - `obj` was manipulated: at least one attribute was changed, added or deleted (deep-inspection including all nested objects/arrays)
 - the HMAC of `obj` was manipulated
+- `key` is deviating from the one the HMAC was created with
 
 #### obj
 
@@ -105,7 +106,7 @@ The object of which the HMAC should be verified. The given HMAC to be verified i
 
 Type: `String`
 
-The key to calculate the objects HMAC and validate against the given one. Must be identical to the `key` that was used to create the original HMAC for the object.
+The key to calculate the objects HMAC and validate against the given one. Must be identical to the `key` that was used to create the original HMAC for the object for a successful verification.
 
 #### hmacAttribute
 
diff --git a/test/object-hmac.test.js b/test/object-hmac.test.js
@@ -2,6 +2,7 @@ describe('object-hmac test suite', () => {
 
     const objectHmac = require('../object-hmac');
     const testKey = 'HmacSecret-0815';
+    const testKeyBroken = 'HmacSecret-4711';
     const testHmac = 'bb83e36f2c030af71803fd6a82b49ea638944bb6638351754a967f4f5638ac3b';
     const testHmacAttribute = '__hmac';
     const testHmacAttributeDifferent = '_signature';
@@ -74,6 +75,11 @@ describe('object-hmac test suite', () => {
         done();
     });
 
+    it('test a failed HMAC verification - wrong key', async (done) => {
+        expect(objectHmac.verifyHmac(testObjects.testObjectWithHmac, testKeyBroken)).toBeFalsy();
+        done();
+    });
+
     it('test a failed HMAC verification - obj is null', async (done) => {
         expect(objectHmac.verifyHmac(null, testKey)).toBeFalsy();
         done();
