From 794c3e2cba890a33b0bc09426c514fd03946029f Mon Sep 17 00:00:00 2001 From: Matthew Taylor Date: Thu, 30 Jun 2016 11:27:46 -0400 Subject: [PATCH 1/2] Set null contents to null instead of error throw Before, if a cookie didn't exist, it would throw an error, not causing permissions/tokens to change to empty values. This fixes that (and #626) by setting the value to undefined instead. --- src/lib/jar.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/lib/jar.js b/src/lib/jar.js index 02cf98400..ede7765d6 100644 --- a/src/lib/jar.js +++ b/src/lib/jar.js @@ -15,7 +15,8 @@ var Jar = { // Return the usable content portion of a signed, compressed cookie generated by // Django's signing module // https://github.com/django/django/blob/stable/1.8.x/django/core/signing.py - if (!value) return callback('No value to unsign'); + if (typeof value === 'undefined') return callback(null, value); + try { var b64Data = value.split(':')[0]; var decompress = false; @@ -80,6 +81,8 @@ var Jar = { if (err) return callback(err); Jar.unsign(value, function (err, contents) { if (err) return callback(err); + if (typeof contents === 'undefined') return callback(null, contents); + try { var data = JSON.parse(contents); } catch (err) { From 04aa7e01eface70c558ea77cbac34ae5d2860074 Mon Sep 17 00:00:00 2001 From: Matthew Taylor Date: Thu, 30 Jun 2016 11:40:05 -0400 Subject: [PATCH 2/2] check for the null value in `get` thanks @rschamp! --- src/lib/jar.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/jar.js b/src/lib/jar.js index ede7765d6..b5a16846c 100644 --- a/src/lib/jar.js +++ b/src/lib/jar.js @@ -79,9 +79,10 @@ var Jar = { // Get a value from a signed object Jar.get(cookieName, function (err, value) { if (err) return callback(err); + if (typeof value === 'undefined') return callback(null, value); + Jar.unsign(value, function (err, contents) { if (err) return callback(err); - if (typeof contents === 'undefined') return callback(null, contents); try { var data = JSON.parse(contents);