From bde7ef600fbda33c50ad798f7b0d51ab14afadc3 Mon Sep 17 00:00:00 2001 From: Jessica Lawshe Date: Mon, 24 Aug 2020 11:15:26 -0500 Subject: [PATCH] Merge pull request #3138 from overleaf/jel-csrf-fix Fix validateToken signature GitOrigin-RevId: fbedaa76ec0fa2134a08aa43c28c3756f8a2afe6 --- services/web/app/src/infrastructure/Csrf.js | 5 +---- services/web/test/unit/src/infrastructure/CsrfTests.js | 7 ++++--- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/services/web/app/src/infrastructure/Csrf.js b/services/web/app/src/infrastructure/Csrf.js index add6a1b4f1..80797e2956 100644 --- a/services/web/app/src/infrastructure/Csrf.js +++ b/services/web/app/src/infrastructure/Csrf.js @@ -76,11 +76,8 @@ class Csrf { } static validateToken(token, session, cb) { - if (cb == null) { - cb = function(valid) {} - } if (token == null) { - return cb(false) + return cb(new Error('missing token')) } // run a dummy csrf check to see if it returns an error // use this to simulate a csrf check regardless of req method, headers &c. diff --git a/services/web/test/unit/src/infrastructure/CsrfTests.js b/services/web/test/unit/src/infrastructure/CsrfTests.js index 302b60625a..d7a7db5cb4 100644 --- a/services/web/test/unit/src/infrastructure/CsrfTests.js +++ b/services/web/test/unit/src/infrastructure/CsrfTests.js @@ -180,7 +180,7 @@ describe('Csrf', function() { }) describe('when there is no token', function() { - it('calls the callback with `false`', function() { + it('calls the callback with an error', function() { this.Csrf = SandboxedModule.require(modulePath, { globals: { console: console @@ -192,8 +192,9 @@ describe('Csrf', function() { } }) this.cb = sinon.stub() - this.Csrf.validateToken(null, {}, this.cb) - return expect(this.cb.calledWith(false)).to.equal(true) + this.Csrf.validateToken(null, {}, error => { + expect(error).to.exist + }) }) }) })