tests: add test for secret storage disappearing

expressjs · Mar 19, 2019 · 09baec8 · 09baec8
1 parent 8851fa6
commit 09baec8
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/index.js b/index.js
@@ -202,7 +202,6 @@ function getSecret (req, sessionKey, cookie) {
   var key = cookie ? cookie.key : 'csrfSecret'
 
   if (!bag) {
-    /* istanbul ignore next: should never actually run */
     throw new Error('misconfigured csrf')
   }
 

diff --git a/test/test.js b/test/test.js
@@ -364,6 +364,23 @@ describe('csurf', function () {
         .get('/')
         .expect(200, 'true', done)
     })
+
+    it('should error when secret storage missing', function (done) {
+      var app = connect()
+
+      app.use(session({ keys: ['a', 'b'] }))
+      app.use(csurf())
+      app.use(function (req, res) {
+        req.session = null
+        res.setHeader('x-run', 'true')
+        res.end(req.csrfToken())
+      })
+
+      request(app)
+        .get('/')
+        .expect('x-run', 'true')
+        .expect(500, /misconfigured csrf/, done)
+    })
   })
 
   describe('when using session storage', function () {