Fix for unhandled undefined config

spec/PublicAPI.spec.js

@@ -63,3 +63,47 @@ describe("public API without publicServerURL", () => {
     });
   });
 });
+
+
+describe("public API supplied with invalid application id", () => {
+  beforeEach(done => {
+    reconfigureServer({appName: "unused"})
+      .then(done, fail);
+  });
+
+  it("should get 403 on verify_email", (done) => {
+    request('http://localhost:8378/1/apps/invalid/verify_email', (err, httpResponse) => {
+      expect(httpResponse.statusCode).toBe(403);
+      done();
+    });
+  });
+
+  it("should get 403 choose_password", (done) => {
+    request('http://localhost:8378/1/apps/choose_password?id=invalid', (err, httpResponse) => {
+      expect(httpResponse.statusCode).toBe(403);
+      done();
+    });
+  });
+
+  it("should get 403 on get of request_password_reset", (done) => {
+    request('http://localhost:8378/1/apps/invalid/request_password_reset', (err, httpResponse) => {
+      expect(httpResponse.statusCode).toBe(403);
+      done();
+    });
+  });
+
+
+  it("should get 403 on post of request_password_reset", (done) => {
+    request.post('http://localhost:8378/1/apps/invalid/request_password_reset', (err, httpResponse) => {
+      expect(httpResponse.statusCode).toBe(403);
+      done();
+    });
+  });
+
+  it("should get 403 on resendVerificationEmail", (done) => {
+    request('http://localhost:8378/1/apps/invalid/resend_verification_email', (err, httpResponse) => {
+      expect(httpResponse.statusCode).toBe(403);
+      done();
+    });
+  });
+});

src/Routers/PublicAPIRouter.js

@@ -15,6 +15,10 @@ export class PublicAPIRouter extends PromiseRouter {
     const appId = req.params.appId;
     const config = Config.get(appId);
 
+    if(!config){
+      this.invalidRequest();
+    }
+
     if (!config.publicServerURL) {
       return this.missingPublicServerURL();
     }
@@ -40,6 +44,10 @@ export class PublicAPIRouter extends PromiseRouter {
     const appId = req.params.appId;
     const config = Config.get(appId);
 
+    if(!config){
+      this.invalidRequest();
+    }
+
     if (!config.publicServerURL) {
       return this.missingPublicServerURL();
     }
@@ -66,6 +74,11 @@ export class PublicAPIRouter extends PromiseRouter {
   changePassword(req) {
     return new Promise((resolve, reject) => {
       const config = Config.get(req.query.id);
+
+      if(!config){
+        this.invalidRequest();
+      }
+
       if (!config.publicServerURL) {
         return resolve({
           status: 404,
@@ -89,6 +102,10 @@ export class PublicAPIRouter extends PromiseRouter {
 
     const config = req.config;
 
+    if(!config){
+      this.invalidRequest();
+    }
+
     if (!config.publicServerURL) {
       return this.missingPublicServerURL();
     }
@@ -114,6 +131,10 @@ export class PublicAPIRouter extends PromiseRouter {
 
     const config = req.config;
 
+    if(!config){
+      this.invalidRequest();
+    }
+
     if (!config.publicServerURL) {
       return this.missingPublicServerURL();
     }
@@ -135,7 +156,7 @@ export class PublicAPIRouter extends PromiseRouter {
         location: `${config.passwordResetSuccessURL}?${params}`
       });
     }, (err) => {
-      const params = qs.stringify({username: username, token: token, id: config.applicationId, error:err, app:config.appName})
+      const params = qs.stringify({username: username, token: token, id: config.applicationId, error:err, app:config.appName});
       return Promise.resolve({
         status: 302,
         location: `${config.choosePasswordURL}?${params}`
@@ -171,6 +192,13 @@ export class PublicAPIRouter extends PromiseRouter {
     });
   }
 
+  invalidRequest() {
+    const error = new Error();
+    error.status = 403;
+    error.message = "unauthorized";
+    throw error;
+  }
+
   setConfig(req) {
     req.config = Config.get(req.params.appId);
     return Promise.resolve();