no need to attempt verification of missing token

navikt · Aug 2, 2019 · f91c9fe · f91c9fe
1 parent 7ceac04
commit f91c9fe
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/src/server/authsupport.js b/src/server/authsupport.js
@@ -1,6 +1,10 @@
 'use strict';
 
 const stillValid = token => {
+    if (!token) {
+        return false;
+    }
+
     try {
         const claims = claimsFrom(token);
         const expirationTime = parseInt(claims['exp']);

diff --git a/tests/server/authsupport.test.js b/tests/server/authsupport.test.js
@@ -29,10 +29,14 @@ test('invalid token has expiry in the past', async () => {
     expect(authsupport.stillValid(token)).toEqual(false);
 });
 
-test('missing token does not validate', async () => {
+test('null token does not validate', async () => {
     expect(authsupport.stillValid(null)).toEqual(false);
 });
 
+test('undefined token does not validate', async () => {
+    expect(authsupport.stillValid(undefined)).toEqual(false);
+});
+
 test('malformed token does not validate', async () => {
     expect(authsupport.stillValid('bogustext')).toEqual(false);
 });