csrf-tokens
Advanced tools
Comparing version 1.0.1 to 1.0.2
@@ -42,2 +42,3 @@ | ||
function verify(secret, token) { | ||
if (!token || typeof token !== 'string') return false | ||
var expected = tokensize(secret, token.split('-')[0]) | ||
@@ -44,0 +45,0 @@ return scmp(token, expected) |
{ | ||
"name": "csrf-tokens", | ||
"description": "primary logic behind csrf tokens", | ||
"version": "1.0.1", | ||
"version": "1.0.2", | ||
"author": { | ||
@@ -6,0 +6,0 @@ "name": "Jonathan Ong", |
15
test.js
@@ -14,6 +14,14 @@ | ||
}) | ||
it('should create a secret asynchronously', function (done) { | ||
csrf.secret(function (err, secret) { | ||
assert.ifError(err) | ||
assert.equal('string', typeof secret) | ||
done() | ||
}) | ||
}) | ||
}) | ||
describe('.create()', function () { | ||
it('should create a token', function () { | ||
it('should create a token synchronously', function () { | ||
var token = csrf.create(secret) | ||
@@ -36,3 +44,8 @@ assert.equal('string', typeof token) | ||
}) | ||
it('should return `false` with invalid tokens', function () { | ||
assert(!csrf.verify(secret, undefined)) | ||
assert(!csrf.verify(secret, [])) | ||
}) | ||
}) | ||
}) |
5358
84