fix(api): tolerate an empty client_secret in /destroy

mozilla · Jun 30, 2015 · 25a4d30 · 25a4d30
1 parent c797ed2
commit 25a4d30
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/lib/routes/destroy.js b/lib/routes/destroy.js
@@ -17,7 +17,7 @@ module.exports = {
         .length(config.get('unique.token') * 2) // hex = bytes*2
         .regex(validators.HEX_STRING)
         .required(),
-      client_secret: Joi.string()
+      client_secret: Joi.string().allow('')
     }
   },
   handler: function destroyToken(req, reply) {

diff --git a/test/api.js b/test/api.js
@@ -1455,5 +1455,18 @@ describe('/v1', function() {
         assert.equal(res.statusCode, 200);
       });
     });
+    it('should accept empty client_secret', function() {
+      return newToken().then(function(res) {
+        return Server.api.post({
+          url: '/destroy',
+          payload: {
+            token: res.result.access_token,
+            client_secret: ''
+          }
+        });
+      }).then(function(res) {
+        assert.equal(res.statusCode, 200);
+      });
+    });
   });
 });