From 298d8d6e52df6599447f782da907376b0e21dddd Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Tue, 13 Aug 2024 09:12:06 +0100
Subject: [PATCH] fix(server/authcode): guard against null challenges (#2643)

- the database expects challenge to be not null, so we should guard against this early before consuming database resources
---
 packages/server/modules/auth/services/apps.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/server/modules/auth/services/apps.js b/packages/server/modules/auth/services/apps.js
index b375f3097..3cee63aa6 100644
--- a/packages/server/modules/auth/services/apps.js
+++ b/packages/server/modules/auth/services/apps.js
@@ -204,6 +204,8 @@ module.exports = {
   },
 
   async createAuthorizationCode({ appId, userId, challenge }) {
+    if (!challenge) throw new Error('Please provide a valid challenge.')
+
     const ac = {
       id: crs({ length: 42 }),
       appId,