fix: improve secret option validation in session function

bjohansebas · bjohansebas · commit 38e40862ab71 · 2025-03-15T21:26:28.000-05:00
diff --git a/index.js b/index.js
@@ -143,7 +143,7 @@ function session(options) {
     secrets = [secrets];
   }
 
-  if (secrets === undefined) {
+  if (!secrets) {
     throw new Error('secret option required for sessions');
   }
 
diff --git a/test/session.js b/test/session.js
@@ -1178,8 +1178,11 @@ describe('session()', function(){
   });
 
   describe('secret option', function () {
-    it('should reject without secret', function(){
-      assert.throws(session.bind(null, { secret: undefined }), /secret.*required/)
+    it('should reject without secret',function () {
+      for (const secret of [undefined, null, '', false]) {
+        console.log(secret)
+        assert.throws(session.bind(null, { secret }), /secret option required for sessions/)
+      }
     })
 
     it('should reject empty arrays', function () {

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ function session(options) {`
`143`	`143`	`secrets = [secrets];`
`144`	`144`	`}`
`145`	`145`
`146`		`- if (secrets === undefined) {`
	`146`	`+ if (!secrets) {`
`147`	`147`	`throw new Error('secret option required for sessions');`
`148`	`148`	`}`
`149`	`149`