From 70645846baf3aa9ecb7f6f49de143a4282128a73 Mon Sep 17 00:00:00 2001
From: Justin Wind
Date: Mon, 6 Jun 2022 11:21:38 -0700
Subject: [PATCH] handle undefined credential more gracefully

---
 lib/authenticator.js | 6 +++++-
 test/lib/authenticator.js | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/authenticator.js b/lib/authenticator.js
index 0c0c349..4449a94 100644
--- a/lib/authenticator.js
+++ b/lib/authenticator.js
@@ -66,10 +66,14 @@ class Authenticator {
 */
 async isValidIdentifierCredential(identifier, credential, ctx) {
 const _scope = _fileScope('isValidIdentifierCredential');
- this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat(credential.length), ctx });
+ this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat((credential || '').length), ctx });

 let isValid = false;

+ if (typeof credential === 'undefined') {
+ return isValid;
+ }
+
 await this.db.context(async (dbCtx) => {
 const authData = await this.db.authenticationGet(dbCtx, identifier);
 if (!authData) {
diff --git a/test/lib/authenticator.js b/test/lib/authenticator.js
index 22fc9d2..5da6439 100644
--- a/test/lib/authenticator.js
+++ b/test/lib/authenticator.js
@@ -117,6 +117,12 @@ describe('Authenticator', function () {
 assert.strictEqual(result, false);
 assert.strictEqual(ctx.authenticationId, undefined);
 });
+ it('covers non-string credential', async function () {
+ credential = '$argon2id$v=19$m=4096,t=3,p=1$SbAlHo5x2HM0PvMAWYHqww$gNn/o+B6+IWsnrVupPkTAiiK9tvwV+eM/HoXG41bnzM';
+ const result = await authenticator.isValidIdentifierCredential(identifier, undefined, ctx);
+ assert.strictEqual(result, false);
+ assert.strictEqual(ctx.authenticationId, undefined);
+ });
 it('covers unknown password hash', async function () {
 authenticator.db.authenticationGet.resolves({
 identifier,
--
2.45.2
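Review bot: The new guard in `isValidIdentifierCredential` rejects only `undefined`, so `null` and any other non-string value (an array or object from a parsed request body, for instance) still passes it and reaches the verification code below the hunk, which is not visible here. Checking the type positively fails closed for all of those: `if (typeof credential !== 'string') { return isValid; }`. The debug line just above still emits one asterisk per character, which records the secret's length in the log and takes `length` from whatever value was passed; a fixed placeholder such as `credential: '<redacted>'` avoids both. The function body continues past the end of the hunk, so how `credential` is consumed afterwards should be confirmed against the full file.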
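Review bot: The case named 'covers non-string credential' exercises only `undefined`, and the `credential = '$argon2id…'` assignment on its first line is not passed to the call, so it looks like leftover setup (the variable is declared outside the hunk). Adding `null`, a number and an object as inputs would pin the behaviour the test name promises. Both assertions would also hold on the existing not-found path, so the test does not prove that the early return was taken; if `authenticator.db.authenticationGet` is a sinon stub, as the `.resolves(...)` call in the next case suggests, `assert(authenticator.db.authenticationGet.notCalled);` would show the store was never consulted.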