Merge pull request #3138 from overleaf/jel-csrf-fix

Fix validateToken signature GitOrigin-RevId: fbedaa76ec0fa2134a08aa43c28c3756f8a2afe6
2026-06-01 05:11:34 +02:00 · 2020-08-24 11:15:26 -05:00
parent 2cd5bcca60
commit bde7ef600f
2 changed files with 5 additions and 7 deletions
--- a/services/web/app/src/infrastructure/Csrf.js
+++ b/services/web/app/src/infrastructure/Csrf.js
@@ -76,11 +76,8 @@ class Csrf {
  }

  static validateToken(token, session, cb) {
-    if (cb == null) {
-      cb = function(valid) {}
-    }
    if (token == null) {
-      return cb(false)
+      return cb(new Error('missing token'))
    }
    // run a dummy csrf check to see if it returns an error
    // use this to simulate a csrf check regardless of req method, headers &c.
--- a/services/web/test/unit/src/infrastructure/CsrfTests.js
+++ b/services/web/test/unit/src/infrastructure/CsrfTests.js
@@ -180,7 +180,7 @@ describe('Csrf', function() {
    })

    describe('when there is no token', function() {
-      it('calls the callback with `false`', function() {
+      it('calls the callback with an error', function() {
        this.Csrf = SandboxedModule.require(modulePath, {
          globals: {
            console: console
@@ -192,8 +192,9 @@ describe('Csrf', function() {
          }
        })
        this.cb = sinon.stub()
-        this.Csrf.validateToken(null, {}, this.cb)
-        return expect(this.cb.calledWith(false)).to.equal(true)
+        this.Csrf.validateToken(null, {}, error => {
+          expect(error).to.exist
+        })
      })
    })
  })