Always throw error objects instead of strings (#412)

* Throw error objects instead of strings While JS *technically* allows code to throw anything (including undefined/null/NaN), it's often considered bad practice. * Remove unnecessary wrapper object in assertion
node-saml · Nov 2, 2020 · 8678139 · 8678139
1 parent a11ad61
commit 8678139
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/src/passport-saml/saml.ts b/src/passport-saml/saml.ts
@@ -935,7 +935,7 @@ class SAML {
           });
 
           if (!hasValidQuerySignature) {
-            throw 'Invalid signature';
+            throw new Error('Invalid signature');
           }
         });
     } else {
@@ -957,7 +957,7 @@ class SAML {
       matchingAlgo = crypto.getHashes()[i];
     }
     else {
-      throw alg + ' is not supported';
+      throw new Error(alg + ' is not supported');
     }
 
     const verifier = crypto.createVerify(matchingAlgo);
@@ -982,7 +982,7 @@ class SAML {
     return (async () => {
       const statusCode = doc.LogoutResponse.Status[0].StatusCode[0].$.Value;
       if (statusCode !== "urn:oasis:names:tc:SAML:2.0:status:Success")
-        throw 'Bad status code: ' + statusCode;
+        throw new Error('Bad status code: ' + statusCode);
 
       this.verifyIssuer(doc.LogoutResponse);
       const inResponseTo = doc.LogoutResponse.$.InResponseTo;
@@ -999,9 +999,9 @@ class SAML {
       const issuer = samlMessage.Issuer;
       if (issuer) {
         if (issuer[0]._ !== this.options.idpIssuer)
-          throw 'Unknown SAML issuer. Expected: ' + this.options.idpIssuer + ' Received: ' + issuer[0]._;
+          throw new Error('Unknown SAML issuer. Expected: ' + this.options.idpIssuer + ' Received: ' + issuer[0]._);
       } else {
-        throw 'Missing SAML issuer';
+        throw new Error('Missing SAML issuer');
       }
     }
   }

diff --git a/test/tests.js b/test/tests.js
@@ -2865,7 +2865,7 @@ describe( 'passport-saml /', function() {
         samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) {
           try {
             should.exist(err);
-            err.should.eql(
+            err.message.should.eql(
               'Unknown SAML issuer. Expected: foo Received: http://localhost:20000/saml2/idp/metadata.php'
             );
             done();
@@ -2891,7 +2891,7 @@ describe( 'passport-saml /', function() {
         samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) {
           try {
             should.exist(err);
-            err.should.eql('Invalid signature');
+            err.message.should.eql('Invalid signature');
             done();
           } catch (err2) {
             done(err2);
@@ -2949,7 +2949,7 @@ describe( 'passport-saml /', function() {
         samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) {
           try {
             should.exist(err);
-            err.should.eql(
+            err.message.should.eql(
               'Unknown SAML issuer. Expected: foo Received: http://localhost:20000/saml2/idp/metadata.php'
             );
             done();
@@ -2963,7 +2963,7 @@ describe( 'passport-saml /', function() {
         samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) {
           try {
             should.exist(err);
-            err.should.eql(
+            err.message.should.eql(
               'Bad status code: urn:oasis:names:tc:SAML:2.0:status:Requester'
             );
             done();
@@ -2989,7 +2989,7 @@ describe( 'passport-saml /', function() {
         samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) {
           try {
             should.exist(err);
-            err.should.eql('Invalid signature');
+            err.message.should.eql('Invalid signature');
             done();
           } catch (err2) {
             done(err2);