web-push-libs · marco-c · Sep 20, 2016 · Aug 30, 2016 · Sep 18, 2016 · Sep 18, 2016
diff --git a/src/encryption-helper.js b/src/encryption-helper.js
@@ -10,19 +10,28 @@ const encrypt = function(userPublicKey, userAuth, payload) {
   }
 
   if (typeof userPublicKey !== 'string') {
-    throw new Error('User auth must be a string.');
+    throw new Error('The subscription p256dh value must be a string.');
+  }
+
+  if (urlBase64.decode(userPublicKey).length !== 65) {
+    throw new Error('The subscription p256dh value should be 65 bytes long.');
   }
 
   if (!userAuth) {
     throw new Error('No user auth provided for encryption.');
   }
 
   if (typeof userAuth !== 'string') {
-    throw new Error('User auth must be a string.');
+    throw new Error('The subscirption auth key must be a string.');
+  }
+
+  if (urlBase64.decode(userAuth).length < 16) {
+    throw new Error('The subscription auth key should be at least 16 ' +
+      'bytes long');
   }
 
-  if (userAuth.length < 22) {
-    throw new Error('User auth should be 22 bytes or more.');
+  if (typeof payload !== 'string' && !Buffer.isBuffer(payload)) {
+    throw new Error('Payload must be either a string or a Node Buffer.');
   }
 
   if (typeof payload === 'string' || payload instanceof String) {

diff --git a/src/vapid-helper.js b/src/vapid-helper.js
@@ -39,8 +39,8 @@ function generateVAPIDKeys() {
 
 /**
  * This method takes the required VAPID parameters and returns the required
- * header to added to a Web Push Protocol Request.
- * @param  {string} audience       This must be the origni of the push service.
+ * header to be added to a Web Push Protocol Request.
+ * @param  {string} audience       This must be the origin of the push service.
  * @param  {string} subject        This should be a URL or a 'mailto:' email
  * address.
  * @param  {Buffer} publicKey      The VAPID public key.

diff --git a/src/web-push-lib.js b/src/web-push-lib.js
@@ -116,33 +116,6 @@ WebPushLib.prototype.sendNotification =
       }
     }
 
-    // Test subscription is an Object
-    //
-    // Test subscription has an endpoint string with length
-    //
-    // Test subscription only has endpoint keys and auth / p256dh keys
-    //
-    // Test keys
-    //    if (userPublicKey) {
-    //      if (typeof userPublicKey !== 'string') {
-    //        throw new Error('userPublicKey should be a base64-encoded string.');
-    //      } else if (urlBase64.decode(userPublicKey).length !== 65) {
-    //        throw new Error('userPublicKey should be 65 bytes long.');
-    //      }
-    //    }
-    //
-    //    if (userAuth) {
-    //      if (typeof userAuth !== 'string') {
-    //        throw new Error('userAuth should be a base64-encoded string.');
-    //      } else if (urlBase64.decode(userAuth).length < 16) {
-    //        throw new Error('userAuth should be at least 16 bytes long');
-    //      }
-    //    }
-    //
-    // Test payload is a string
-    //
-    // Test options for gcm api key, vapid details and ttl
-
     if (typeof timeToLive === 'undefined') {
       timeToLive = DEFAULT_TTL;
     }
@@ -156,6 +129,15 @@ WebPushLib.prototype.sendNotification =
     let requestPayload = null;
 
     if (payload) {
+      if (!subscription.keys ||
+        typeof subscription !== 'object' ||
+        !subscription.keys.p256dh ||
+        !subscription.keys.auth) {
+        return Promise.reject(new Error('Unable to send a message with ' +
+          'payload to this subscription since it doesn\'t have the ' +
+          'required encryption keys'));
+      }
+
       try {
         const encrypted = encryptionHelper.encrypt(
           subscription.keys.p256dh, subscription.keys.auth, payload);

diff --git a/test/test-encryption-helper.js b/test/test-encryption-helper.js
@@ -58,6 +58,10 @@ suite('Test Encryption Helpers', function() {
       function() {
         // Invalid auth size
         webPush.encrypt(VALID_PUBLIC_KEY, 'Fake', 'Example');
+      },
+      function() {
+        // Invalid auth size
+        webPush.encrypt(VALID_PUBLIC_KEY, VALID_AUTH, []);
       }
     ];
 

diff --git a/test/testSelenium.js b/test/testSelenium.js
@@ -23,6 +23,7 @@
 
   // We need geckodriver on the path
   require('geckodriver');
+  require('chromedriver');
   /* eslint-enable global-require */
 
   const PUSH_TEST_TIMEOUT = 120 * 1000;

diff --git a/test/testSendNotification.js b/test/testSendNotification.js
@@ -442,6 +442,37 @@ suite('sendNotification', function() {
         },
         message: 'hello'
       }
+    }, {
+      testTitle: 'Payload provided with invalid keys',
+      requestOptions: {
+        subscription: {
+          endpoint: true,
+          keys: 'silly example'
+        },
+        message: 'hello'
+      }
+    }, {
+      testTitle: 'Payload provided with only p256dh keys',
+      requestOptions: {
+        subscription: {
+          endpoint: true,
+          keys: {
+            p256dh: urlBase64.encode(userPublicKey)
+          }
+        },
+        message: 'hello'
+      }
+    }, {
+      testTitle: 'Payload provided with only auth keys',
+      requestOptions: {
+        subscription: {
+          endpoint: true,
+          keys: {
+            auth: urlBase64.encode(userAuth)
+          }
+        },
+        message: 'hello'
+      }
     }, {
       testTitle: 'userPublicKey argument isn\'t a string',
       requestOptions: {
@@ -512,6 +543,16 @@ suite('sendNotification', function() {
       },
       addEndpoint: true,
       serverFlags: ['statusCode=404']
+    }, {
+      testTitle: 'rejects when payload isn\'t a string or buffer',
+      requestOptions: {
+        subscription: {
+          keys: VALID_KEYS
+        },
+        message: []
+      },
+      addEndpoint: true,
+      serverFlags: ['statusCode=404']
     }
   ];