handle undefined credential more gracefully
authorJustin Wind <justin.wind+git@gmail.com>
Mon, 6 Jun 2022 18:21:38 +0000 (11:21 -0700)
committerJustin Wind <justin.wind+git@gmail.com>
Mon, 6 Jun 2022 18:21:38 +0000 (11:21 -0700)
lib/authenticator.js
test/lib/authenticator.js

index 0c0c349b7288af20f0fc7df421c91aeddd61a3dc..4449a94b700889f5c2196b77c91872ed0b52d26d 100644 (file)
@@ -66,10 +66,14 @@ class Authenticator {
    */
   async isValidIdentifierCredential(identifier, credential, ctx) {
     const _scope = _fileScope('isValidIdentifierCredential');
-    this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat(credential.length), ctx });
+    this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat((credential || '').length), ctx });
 
     let isValid = false;
 
+    if (typeof credential === 'undefined') {
+      return isValid;
+    }
+
     await this.db.context(async (dbCtx) => {
       const authData = await this.db.authenticationGet(dbCtx, identifier);
       if (!authData) {
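Review bot: The new guard after `let isValid = false;` rejects only `undefined`, so `null` or any other non-string credential still reaches the database lookup and whatever verification follows; `if (typeof credential !== 'string') { return isValid; }` would fail closed for all of them. The debug line has a related gap: `(credential || '').length` trusts a caller-supplied `length` when the value is an object or array, and for real strings the masked value still writes the credential's length to the log. A fixed placeholder such as `credential: '***'` avoids both. The body of isValidIdentifierCredential continues past the end of the hunk, so how later code treats non-string values is not visible here.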
index 22fc9d218eb3953f154cef9bf3d2b692332cf4d3..5da64397118439ff57cff5e414a83c8bfb3d6da7 100644 (file)
@@ -117,6 +117,12 @@ describe('Authenticator', function () {
       assert.strictEqual(result, false);
       assert.strictEqual(ctx.authenticationId, undefined);
     });
+    it('covers non-string credential', async function () {
+      credential = '$argon2id$v=19$m=4096,t=3,p=1$SbAlHo5x2HM0PvMAWYHqww$gNn/o+B6+IWsnrVupPkTAiiK9tvwV+eM/HoXG41bnzM';
+      const result = await authenticator.isValidIdentifierCredential(identifier, undefined, ctx);
+      assert.strictEqual(result, false);
+      assert.strictEqual(ctx.authenticationId, undefined);
+    });
     it('covers unknown password hash', async function () {
       authenticator.db.authenticationGet.resolves({
         identifier,
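Review bot: The test is titled 'covers non-string credential' but exercises only `undefined`, so `null`, numbers and objects stay untested; either rename it to match or add those inputs. The `credential = '$argon2id…'` assignment looks unused in this case, since `undefined` is passed to the call and no stub is configured with it in the visible lines; if nothing outside the hunk depends on it, it can be dropped. Because `authenticationGet` appears to be a sinon stub (the next test calls `.resolves` on it), adding `assert.strictEqual(authenticator.db.authenticationGet.notCalled, true);` would pin that the early return happens before any database access. The enclosing describe block starts and ends outside the hunk.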