From 8a9907df36b9e30bd5d7320f9c817b314074477b Mon Sep 17 00:00:00 2001 From: Alex Goretoy Date: Thu, 3 Sep 2015 23:09:36 -0700 Subject: [PATCH] Fix signedCookie to return undefined for non-string arguments closes #18 --- HISTORY.md | 1 + index.js | 4 ++++ test/cookieParser.js | 9 +++++++++ 3 files changed, 14 insertions(+) diff --git a/HISTORY.md b/HISTORY.md index 1a7aed7..9997e55 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -2,6 +2,7 @@ unreleased ========== * Fix `JSONCookie` to return `undefined` for non-string arguments + * Fix `signedCookie` to return `undefined` for non-string arguments * deps: cookie@0.1.5 1.3.5 / 2015-05-19 diff --git a/index.js b/index.js index f511751..11ea696 100644 --- a/index.js +++ b/index.js @@ -117,6 +117,10 @@ function JSONCookies(obj) { */ function signedCookie(str, secret) { + if (typeof str !== 'string') { + return undefined; + } + return str.substr(0, 2) === 's:' ? signature.unsign(str.slice(2), secret) : str; diff --git a/test/cookieParser.js b/test/cookieParser.js index 0ac4d6e..fe8f938 100644 --- a/test/cookieParser.js +++ b/test/cookieParser.js @@ -139,6 +139,15 @@ describe('cookieParser.JSONCookie(str)', function () { }) describe('cookieParser.signedCookie(str, secret)', function () { + it('should return undefined for non-string arguments', function () { + assert.strictEqual(cookieParser.signedCookie(undefined, 'keyboard cat'), undefined) + assert.strictEqual(cookieParser.signedCookie(null, 'keyboard cat'), undefined) + assert.strictEqual(cookieParser.signedCookie(42, 'keyboard cat'), undefined) + assert.strictEqual(cookieParser.signedCookie({}, 'keyboard cat'), undefined) + assert.strictEqual(cookieParser.signedCookie([], 'keyboard cat'), undefined) + assert.strictEqual(cookieParser.signedCookie(function(){}, 'keyboard cat'), undefined) + }) + it('should pass through non-signed string', function () { assert.strictEqual(cookieParser.signedCookie('', 'keyboard cat'), '') assert.strictEqual(cookieParser.signedCookie('foo', 'keyboard cat'), 'foo')