From f7cffe2e911236853f942bade2a002ff5cf2c6c4 Mon Sep 17 00:00:00 2001
From: Dara Hayes
Date: Tue, 25 Jun 2019 12:16:44 +0100
Subject: [PATCH] fix: ensure onSubscriptionConnect throws when no connectionParams supplied
---
 .../src/KeycloakSecurityService.ts | 3 ++
 .../test/KeycloakSecurityService.test.ts | 37 +++++++++++++++++++
 2 files changed, 40 insertions(+)
diff --git a/packages/voyager-keycloak/src/KeycloakSecurityService.ts b/packages/voyager-keycloak/src/KeycloakSecurityService.ts
index ebccbf3c..1264ba29 100644
--- a/packages/voyager-keycloak/src/KeycloakSecurityService.ts
+++ b/packages/voyager-keycloak/src/KeycloakSecurityService.ts
@@ -97,6 +97,9 @@ export class KeycloakSecurityService implements SecurityService {
 }
 public async onSubscriptionConnect(connectionParams: any, webSocket: any, context: any): Promise {
+ if (!connectionParams || typeof connectionParams !== 'object') {
+ throw new Error('Access Denied - missing connection parameters for Authentication')
+ }
 const header = connectionParams.Authorization
 || connectionParams.authorization
 || connectionParams.Auth
diff --git a/packages/voyager-keycloak/test/KeycloakSecurityService.test.ts b/packages/voyager-keycloak/test/KeycloakSecurityService.test.ts
index 78068465..2c37cb3a 100644
--- a/packages/voyager-keycloak/test/KeycloakSecurityService.test.ts
+++ b/packages/voyager-keycloak/test/KeycloakSecurityService.test.ts
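Review bot: The new guard at the top of onSubscriptionConnect establishes only that connectionParams is an object; the value read into `header` on the next lines is still supplied by the connecting client and its type is never checked in the visible code. If the rest of the method (it continues outside this hunk) calls string methods on that value, a number or nested object would presumably surface as a TypeError instead of an Access Denied error, so the place where a missing header is rejected should also test `typeof header !== 'string'`. A short comment above the guard would help the next reader, for example `// connectionParams is client-supplied and may be absent or a non-object; reject before reading any auth field`.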
@@ -3,6 +3,43 @@ import test from 'ava'
 import { KeycloakSecurityService } from '../src/KeycloakSecurityService'
 import { Token } from '../src/KeycloakToken';
+test('onSubscriptionConnect throws if no connectionParams Provided', async t => {
+ const stubKeycloak = {
+ grantManager: {
+ validateToken: (token: string, type: 'string') => {
+ return new Promise((resolve, reject) => {
+ resolve(true)
+ })
+ }
+ }
+ }
+
+ const securityService = new KeycloakSecurityService({}, { log: console, keycloak: stubKeycloak })
+
+ await t.throwsAsync(async () => {
+ await securityService.onSubscriptionConnect(null, {}, {})
+ }, 'Access Denied - missing connection parameters for Authentication')
+})
+
+test('onSubscriptionConnect throws if no connectionParams is not an object', async t => {
+ const stubKeycloak = {
+ grantManager: {
+ validateToken: (token: string, type: 'string') => {
+ return new Promise((resolve, reject) => {
+ resolve(true)
+ })
+ }
+ }
+ }
+
+ const securityService = new KeycloakSecurityService({}, { log: console, keycloak: stubKeycloak })
+ const connectionParams = 'not an object'
+
+ await t.throwsAsync(async () => {
+ await securityService.onSubscriptionConnect(connectionParams, {}, {})
+ }, 'Access Denied - missing connection parameters for Authentication')
+})
+
 test('onSubscriptionConnect throws if no Auth provided', async t => {
 const stubKeycloak = {
 grantManager: {
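Review bot: Both new tests hand the expected message to `t.throwsAsync` as a bare string; an expectation object, `{ message: 'Access Denied - missing connection parameters for Authentication' }`, makes it explicit that the error message is what is being matched, and that match is the only thing separating the new guard from the TypeError an unguarded property read on `null` would raise. How the bare string is interpreted depends on the AVA version, which is not visible here. The stub's `type: 'string'` annotation is a string-literal type and was probably meant to be `type: string`, and the second title reads "throws if no connectionParams is not an object" where "throws if connectionParams is not an object" seems intended. The identical `stubKeycloak` object is repeated in both tests and again in the existing test that starts at the end of this hunk (its body continues outside it), so a small shared factory would keep the three in step.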