From 5227032a6a17359e47255e6821fa88a093f32dcd Mon Sep 17 00:00:00 2001
From: Wai Sing Yiu
Date: Mon, 21 Jul 2025 09:31:47 +0100
Subject: [PATCH 1/3] Handle no cookie value
---
 package-lock.json | 4 ++--
 src/panda.ts | 8 +++++++-
 test/panda.test.ts | 15 +++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index e8e0d3d..453908e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "@guardian/pan-domain-node",
- "version": "1.0.0",
+ "version": "1.1.0",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "@guardian/pan-domain-node",
- "version": "1.0.0",
+ "version": "1.1.0",
 "license": "Apache-2.0",
 "dependencies": {
 "@aws-sdk/client-s3": "^3.299.0",
diff --git a/src/panda.ts b/src/panda.ts
index 0c5015e..186f039 100644
--- a/src/panda.ts
+++ b/src/panda.ts
@@ -146,8 +146,14 @@ export class PanDomainAuthentication {
 });
 }
- verify(requestCookies: string): Promise {
+ verify(requestCookies: string | undefined): Promise {
 return this.getPublicKey().then(publicKey => {
+ if (!requestCookies) {
+ return {
+ success: false,
+ reason: 'no-cookie'
+ };
+ }
 const cookies = cookie.parse(requestCookies);
 const pandaCookie = cookies[this.cookieName];
 return verifyUser(pandaCookie, publicKey, new Date(), this.validateUser);
diff --git a/test/panda.test.ts b/test/panda.test.ts
index 19c92f8..5b35826 100644
--- a/test/panda.test.ts
+++ b/test/panda.test.ts
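Review bot: The widened `verify(requestCookies: string | undefined)` signature in the `src/panda.ts` hunk of PATCH 1/3 carries no doc comment telling callers that a missing Cookie header resolves to a failure result instead of rejecting. A TSDoc line on the method would make that contract explicit, for example `/** Resolves with success: false and reason 'no-cookie' when the Cookie header is absent or empty. */`. Separately, the new check sits inside the `getPublicKey().then(...)` callback, so the key is obtained even for requests that carry no cookie; whether that costs anything depends on `getPublicKey`, which is not visible here. The class body starts and ends outside the hunk.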
@@ -349,6 +349,21 @@ describe('panda class', function () {
 };
 expect(authenticationResult).toStrictEqual(expected);
 });
+
+ it('should fail to authenticate with no-cookie reason if no cookie is present at all', async () => {
+ jest.setSystemTime(100);
+
+ const panda = new PanDomainAuthentication('rightcookiename', 'region', 'bucket', 'keyfile', guardianValidation);
+ // There is a valid Panda cookie in here, but it's under the wrong name
+ const noCookie = undefined;
+ const authenticationResult = await panda.verify(noCookie);
+
+ const expected: CookieFailure = {
+ success: false,
+ reason: "no-cookie"
+ };
+ expect(authenticationResult).toStrictEqual(expected);
+ });
 });
 });
From 5c14027c6d4aa94fc721f6e1fc53ccd4a3ebdaba Mon Sep 17 00:00:00 2001
From: Wai Sing Yiu
Date: Mon, 21 Jul 2025 09:35:10 +0100
Subject: [PATCH 2/3] Add changeset
---
 .changeset/angry-camels-tie.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/angry-camels-tie.md
diff --git a/.changeset/angry-camels-tie.md b/.changeset/angry-camels-tie.md
new file mode 100644
index 0000000..b54ab34
--- /dev/null
+++ b/.changeset/angry-camels-tie.md
@@ -0,0 +1,5 @@
+---
+"@guardian/pan-domain-node": patch
+---
+
+Fix app crash with no cookie value
From 15775a7767a1a22627c8fe5425e0e43669b26f3d Mon Sep 17 00:00:00 2001
From: Wai Sing Yiu
Date: Mon, 21 Jul 2025 17:51:32 +0100
Subject: [PATCH 3/3] Code refactoring
---
 .changeset/angry-camels-tie.md | 2 +-
 src/panda.ts | 8 +-------
 test/panda.test.ts | 1 -
 3 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/.changeset/angry-camels-tie.md b/.changeset/angry-camels-tie.md
index b54ab34..49f4581 100644
--- a/.changeset/angry-camels-tie.md
+++ b/.changeset/angry-camels-tie.md
@@ -1,5 +1,5 @@
 ---
-"@guardian/pan-domain-node": patch
+"@guardian/pan-domain-node": minor
 ---
 Fix app crash with no cookie value
diff --git a/src/panda.ts b/src/panda.ts
index 186f039..61348a1 100644
--- a/src/panda.ts
+++ b/src/panda.ts
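Review bot: The new case in the `test/panda.test.ts` hunk of PATCH 1/3 exercises only `undefined`, while the `!requestCookies` guard it targets also takes the empty-string path. An empty Cookie value is a distinct input that reaches `verify` as `''`, so a second assertion such as `expect(await panda.verify('')).toStrictEqual(expected);` would pin the fail-closed result for both inputs. That matters more once the guard is reworked, because the two inputs then only stay equivalent by way of the parser. The enclosing `describe` blocks start outside the hunk.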
@@ -148,13 +148,7 @@ export class PanDomainAuthentication {
 verify(requestCookies: string | undefined): Promise {
 return this.getPublicKey().then(publicKey => {
- if (!requestCookies) {
- return {
- success: false,
- reason: 'no-cookie'
- };
- }
- const cookies = cookie.parse(requestCookies);
+ const cookies = cookie.parse(requestCookies ?? '');
 const pandaCookie = cookies[this.cookieName];
 return verifyUser(pandaCookie, publicKey, new Date(), this.validateUser);
 });
diff --git a/test/panda.test.ts b/test/panda.test.ts
index 5b35826..a27897a 100644
--- a/test/panda.test.ts
+++ b/test/panda.test.ts
@@ -354,7 +354,6 @@ describe('panda class', function () {
 jest.setSystemTime(100);
 const panda = new PanDomainAuthentication('rightcookiename', 'region', 'bucket', 'keyfile', guardianValidation);
- // There is a valid Panda cookie in here, but it's under the wrong name
 const noCookie = undefined;
 const authenticationResult = await panda.verify(noCookie);
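Review bot: With the explicit guard removed in the `src/panda.ts` hunk of PATCH 3/3, `verify` no longer produces the `no-cookie` failure itself. `cookie.parse(requestCookies ?? '')` yields no entry for `this.cookieName`, so `pandaCookie` is `undefined` and the result depends entirely on how `verifyUser` treats that value, which is outside the hunk. Because this is the fail-closed path of an authentication check, a comment above the parse line would stop a later change to `verifyUser` from silently altering it, for example `// Missing Cookie header parses to an empty jar; verifyUser is expected to reject an undefined pandaCookie with 'no-cookie'`. The method's closing lines and the rest of the class are outside the hunk.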