diff --git a/src/master/master.js b/src/master/master.js index cca35a604..b14910a22 100644 --- a/src/master/master.js +++ b/src/master/master.js @@ -68,10 +68,6 @@ export const isActionFromAuthenticPlayer = ({ return true; } - if (!action.payload) { - return true; - } - const hasCredentials = Object.keys(gameMetadata.players).some(key => { return !!( gameMetadata.players[key] && gameMetadata.players[key].credentials @@ -81,6 +77,10 @@ export const isActionFromAuthenticPlayer = ({ return true; } + if (!action.payload) { + return false; + } + if (!action.payload.credentials) { return false; } diff --git a/src/master/master.test.js b/src/master/master.test.js index 64b7c8c3e..7970246b7 100644 --- a/src/master/master.test.js +++ b/src/master/master.test.js @@ -439,22 +439,6 @@ describe('isActionFromAuthenticPlayer', () => { }); }); - describe('when action contains no payload', () => { - beforeEach(() => { - action = {}; - }); - - test('the action is authentic', async () => { - const result = isActionFromAuthenticPlayer({ - action, - gameMetadata, - playerID, - }); - - expect(result).toBeTruthy(); - }); - }); - describe('when game has no credentials', () => { beforeEach(() => { gameMetadata = { @@ -476,6 +460,22 @@ describe('isActionFromAuthenticPlayer', () => { }); describe('when game has credentials', () => { + describe('when action contains no payload', () => { + beforeEach(() => { + action = {}; + }); + + test('the action is not authentic', async () => { + const result = isActionFromAuthenticPlayer({ + action, + gameMetadata, + playerID, + }); + + expect(result).toBeFalsy(); + }); + }); + describe('when action contains no credentials', () => { beforeEach(() => { action = {