sign: add check to be sure secret has a value

ziluvatar · ziluvatar · commit c584d1cbc34b · 2017-07-24T16:59:07.000-05:00
diff --git a/sign.js b/sign.js
@@ -66,6 +66,9 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
     throw err;
   }
 
+  if (!secretOrPrivateKey) {
+    return failure(new Error('secretOrPrivateKey must have a value'));
+  }
 
   if (typeof payload === 'undefined') {
     return failure(new Error('payload is required'));
diff --git a/test/async_sign.tests.js b/test/async_sign.tests.js
@@ -63,5 +63,19 @@ describe('signing a token asynchronously', function() {
         done();
       });
     });
+
+    describe('secret must have a value', function(){
+      [undefined, '', 0].forEach(function(secret){
+        it('should return an error if the secret is falsy: ' + (typeof secret === 'string' ? '(empty string)' : secret), function(done) {
+        // This is needed since jws will not answer for falsy secrets
+          jwt.sign('string', secret, {}, function(err, token) {
+            expect(err).to.be.exist();
+            expect(err.message).to.equal('secretOrPrivateKey must have a value');
+            expect(token).to.not.exist;
+            done();
+          });
+        });
+      });
+    });
   });
 });

Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,9 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {`
`66`	`66`	`throw err;`
`67`	`67`	`}`
`68`	`68`
	`69`	`+ if (!secretOrPrivateKey) {`
	`70`	`+ return failure(new Error('secretOrPrivateKey must have a value'));`
	`71`	`+ }`
`69`	`72`
`70`	`73`	`if (typeof payload === 'undefined') {`
`71`	`74`	`return failure(new Error('payload is required'));`