Change impl to check for truthy values.

taeold · taeold · commit bd8db7d12ea4 · 2025-02-10T16:07:17.000-08:00
diff --git a/spec/v2/providers/https.spec.ts b/spec/v2/providers/https.spec.ts
@@ -543,7 +543,7 @@ describe("onCall", () => {
         expect(noClaimResp.status).to.equal(403);
       });
 
-      it("should check single claim with default value (true)", async () => {
+      it("should check single claim with default value (truthy)", async () => {
         const func = https.onCall(
           {
             authPolicy: https.hasClaim("admin"),
@@ -553,12 +553,15 @@ describe("onCall", () => {
         const validResp = await runHandler(func, request({ auth: { admin: true } }));
         expect(validResp.status).to.equal(200);
 
-        const wrongTypeResp = await runHandler(func, request({ auth: { admin: "true" } }));
-        expect(wrongTypeResp.status).to.equal(403);
+        const truthyResp = await runHandler(func, request({ auth: { admin: "true" } }));
+        expect(truthyResp.status).to.equal(200);
 
         const falseResp = await runHandler(func, request({ auth: { admin: false } }));
         expect(falseResp.status).to.equal(403);
 
+        const falseStrResp = await runHandler(func, request({ auth: { admin: "false" } }));
+        expect(falseStrResp.status).to.equal(403);
+
         const noClaimResp = await runHandler(func, request({ auth: {} }));
         expect(noClaimResp.status).to.equal(403);
       });
diff --git a/src/v2/providers/https.ts b/src/v2/providers/https.ts
@@ -248,7 +248,7 @@ export function hasClaim(
   let claimsToCheck: Record<string, unknown> = {};
 
   if (typeof claimOrClaims === "string") {
-    claimsToCheck[claimOrClaims] = value ?? true;
+    claimsToCheck[claimOrClaims] = value;
   } else if (Array.isArray(claimOrClaims)) {
     for (const claim of claimOrClaims) {
       claimsToCheck[claim] = true;
@@ -265,8 +265,15 @@ export function hasClaim(
       if (!(claim in auth.token)) {
         throw new Error(`Missing claim '${claim}'`);
       }
-      if (auth.token[claim] !== claimsToCheck[claim]) {
-        throw new Error(`Missing claim '${claim}' with value '${value}'`);
+      const expectedValue = claimsToCheck[claim];
+      const actualValue = auth.token[claim];
+
+      if (expectedValue === undefined) {
+        if (!actualValue || actualValue === "false") {
+          return false;
+        }
+      } else if (actualValue !== expectedValue) {
+        return false;
       }
     }
     return true;
