@guardian/pan-domain-node 1.1.0 → 1.2.0

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @guardian/pan-domain-node
 
+## 1.2.0
+
+### Minor Changes
+
+- 5c14027: Fix app crash with no cookie value
+
 ## 1.1.0
 
 ### Minor Changes

package/dist/src/panda.d.ts

@@ -17,5 +17,5 @@ export declare class PanDomainAuthentication {
     constructor(cookieName: string, region: string, bucket: string, keyFile: string, validateUser: ValidateUserFn, credentialsProvider?: AwsCredentialIdentityProvider);
     stop(): void;
     getPublicKey(): Promise<string>;
-    verify(requestCookies: string): Promise<AuthenticationResult>;
+    verify(requestCookies: string | undefined): Promise<AuthenticationResult>;
 }

package/dist/src/panda.js

@@ -157,7 +157,7 @@ class PanDomainAuthentication {
     }
     verify(requestCookies) {
         return this.getPublicKey().then(publicKey => {
-            const cookies = cookie.parse(requestCookies);
+            const cookies = cookie.parse(requestCookies !== null && requestCookies !== void 0 ? requestCookies : '');
             const pandaCookie = cookies[this.cookieName];
             return verifyUser(pandaCookie, publicKey, new Date(), this.validateUser);
         });

package/dist/test/panda.test.js

@@ -283,5 +283,16 @@ describe('panda class', function () {
             };
             expect(authenticationResult).toStrictEqual(expected);
         }));
+        it('should fail to authenticate with no-cookie reason if no cookie is present at all', () => __awaiter(this, void 0, void 0, function* () {
+            jest.setSystemTime(100);
+            const panda = new panda_1.PanDomainAuthentication('rightcookiename', 'region', 'bucket', 'keyfile', api_1.guardianValidation);
+            const noCookie = undefined;
+            const authenticationResult = yield panda.verify(noCookie);
+            const expected = {
+                success: false,
+                reason: "no-cookie"
+            };
+            expect(authenticationResult).toStrictEqual(expected);
+        }));
     });
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@guardian/pan-domain-node",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "NodeJs implementation of Guardian pan-domain auth verification",
   "main": "dist/src/api.js",
   "types": "dist/src/api.d.ts",

package/src/panda.ts

@@ -146,9 +146,9 @@ export class PanDomainAuthentication {
         });
     }
 
-    verify(requestCookies: string): Promise<AuthenticationResult> {
+    verify(requestCookies: string | undefined): Promise<AuthenticationResult> {
         return this.getPublicKey().then(publicKey => {
-            const cookies = cookie.parse(requestCookies);
+            const cookies = cookie.parse(requestCookies ?? '');
             const pandaCookie = cookies[this.cookieName];
             return verifyUser(pandaCookie, publicKey, new Date(), this.validateUser);
         });

package/test/panda.test.ts

@@ -349,6 +349,20 @@ describe('panda class', function () {
       };
       expect(authenticationResult).toStrictEqual(expected);
     });
+
+    it('should fail to authenticate with no-cookie reason if no cookie is present at all', async () => {
+      jest.setSystemTime(100);
+
+      const panda = new PanDomainAuthentication('rightcookiename', 'region', 'bucket', 'keyfile', guardianValidation);
+      const noCookie = undefined;
+      const authenticationResult = await panda.verify(noCookie);
+
+      const expected: CookieFailure = {
+        success: false,
+        reason: "no-cookie"
+      };
+      expect(authenticationResult).toStrictEqual(expected);
+    });
   });
 
 });