totp.verify doesn't throw any error when invalid options are passed

speakeasyjs / speakeasy

**NOT MAINTAINED** Two-factor authentication for Node.js. One-time passcode generator (HOTP/TOTP) with support for Google Authenticator.

MIT License

2.68k stars 229 forks source link

totp.verify doesn't throw any error when invalid options are passed #115

Open ninofiliu opened 5 years ago

ninofiliu commented 5 years ago

Short issue here!

I inadvertently tried to calculate

speakeasy.totp.verify({
  secret: undefined, // should have been a string
  encoding: 'ascii',
  token: "123456"
}

And I had trouble debugging my program - the function spent a lot of time computing and never returned. I think a better behavior would be to check the validity of inputs and throwing errors when invalid options are passed.