Added more validation to validateToken

Luciano Nooijen · Luciano Nooijen · commit 38660343d808 · 2018-11-24T14:53:18.000+01:00
diff --git a/controllers/auth.js b/controllers/auth.js
@@ -47,12 +47,23 @@ const generateToken = async (username, password) => {
 };
 
 const validateToken = async token => {
-    const decodedToken = decodeJWT(token);
+    let decodedToken = '';
+
+    // Check if token can be decoded, is valid format
+    try {
+        decodedToken = decodeJWT(token);
+    } catch (err) {
+        return false;
+    }
+
+    // Check if token has not expired
     try {
         validateJWT(token);
     } catch (err) {
         return false;
     }
+
+    // Check if user from payload exists
     const tokenUserID = decodedToken.data.id;
     const tokenUser = await Users.getUser(tokenUserID);
     if (!tokenUser) {
diff --git a/tests/controllers/auth.test.ts b/tests/controllers/auth.test.ts
@@ -86,6 +86,13 @@ describe('Auth Controller', () => {
         expect(invalidTokenIsValid).toBe(false);
     });
 
+    test('validateToken should fail if token is invalid format', async () => {
+        expect.assertions(1);
+        const invalidToken = 'thisisaninvalidtoken';
+        const invalidTokenIsValid = await validateToken(invalidToken);
+        expect(invalidTokenIsValid).toBe(false);
+    });
+
     test('validateToken should fail if token has expired', async () => {
         expect.assertions(1);
         const addedUser = await addUser(testUser2);
