Skip to content

Commit 24dd55b

Browse files
committed
fix: missing username or password is a 400 error
1 parent 6998aff commit 24dd55b

File tree

2 files changed

+19
-0
lines changed

2 files changed

+19
-0
lines changed

src/api.js

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,14 @@ export default function(couchOpts={}, opts={}) {
2626

2727
api.authenticate = async function authenticate(username, password) {
2828
try {
29+
if (typeof username !== "string" || !username) {
30+
throw new HTTPError(400, "Missing username.", "EBADINPUT");
31+
}
32+
33+
if (typeof password !== "string" || !password) {
34+
throw new HTTPError(400, "Missing password.", "EBADINPUT");
35+
}
36+
2937
let {body} = await superagent.get(`${baseUrl}/_session`)
3038
.accept("application/json")
3139
.auth(username, password);

test/index.js

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,17 @@ test("fails to sign in with incorrect credentials", async (t) => {
8080
t.equals(body.code, "EBADAUTH", "error has EBADAUTH code");
8181
});
8282

83+
test("fails to sign in with missing username and password", async (t) => {
84+
t.plan(3);
85+
const request = supertest(createApp());
86+
87+
let {body} = await request.post("/").expect(400);
88+
89+
t.ok(body.error, "responds with error");
90+
t.equals(body.status, 400, "is bad request error");
91+
t.equals(body.code, "EBADINPUT", "error has bad input code");
92+
});
93+
8394
test("renews token, responding with new token", async (t) => {
8495
t.plan(8);
8596
const request = supertest(createApp());

0 commit comments

Comments
 (0)