diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts index 3d0d76c5a..9662f4c1e 100644 --- a/src/auth/auth.service.ts +++ b/src/auth/auth.service.ts @@ -36,6 +36,9 @@ export class AuthService { async validateToken(token: string): Promise { const [keyId, secret] = token.split('.'); + if (!secret) { + throw new TokenNotValidError('Invalid AuthToken format'); + } if (secret.length > 72) { // Only the first 72 characters of the tokens are considered by bcrypt // This should prevent strange corner cases