Skip to content

Commit

Permalink
sign: add check to be sure secret has a value
Browse files Browse the repository at this point in the history
  • Loading branch information
@ziluvatar
ziluvatar committed Jul 24, 2017
1 parent 43739dc commit c584d1c
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 0 deletions.
3 changes: 3 additions & 0 deletions sign.js
View file
Expand Up @@ -66,6 +66,9 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
throw err;
}

if (!secretOrPrivateKey) {
return failure(new Error('secretOrPrivateKey must have a value'));
}

if (typeof payload === 'undefined') {
return failure(new Error('payload is required'));
Expand Down
14 changes: 14 additions & 0 deletions test/async_sign.tests.js
View file
Expand Up @@ -63,5 +63,19 @@ describe('signing a token asynchronously', function() {
done();
});
});

describe('secret must have a value', function(){
[undefined, '', 0].forEach(function(secret){
it('should return an error if the secret is falsy: ' + (typeof secret === 'string' ? '(empty string)' : secret), function(done) {
// This is needed since jws will not answer for falsy secrets
jwt.sign('string', secret, {}, function(err, token) {
expect(err).to.be.exist();
expect(err.message).to.equal('secretOrPrivateKey must have a value');
expect(token).to.not.exist;
done();
});
});
});
});
});
});

2 comments on commit c584d1c

@cdambo
Copy link

@cdambo cdambo commented on c584d1c Aug 17, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a breaking change.... 😔

@ziluvatar
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

v7.4.3 released fixing it. Thanks!

Please sign in to comment.