passport icon indicating copy to clipboard operation
passport copied to clipboard
verified publisher icon jaredhanson

Password with empty string causes failure w/out actually authenticating

Open lepolt opened this issue 12 years ago • 3 comments

When trying to login with the following credentials User: 'Admin' Pass: '' a new BadRequestError is being returned.

The authenticate fails in /passport-local/lib/passport-local/strategy.js Strategy.prototype.authenticate = function(req, options) { ... var password = lookup(req.body, this._passwordField) || lookup(req.query, this._passwordField);

In this example, the logical OR is doing password = '' || null With the way JavaScript works, the OR is returning the last value, which in this case is null

An empty string password should be allowed

lepolt avatar Sep 07 '13 02:09 lepolt

I agree. This is an issue.

sp1985 avatar Feb 18 '14 07:02 sp1985

issue from 2013..

ScriptArtist avatar Jun 17 '20 14:06 ScriptArtist

it will fix this "" ?? null

ScriptArtist avatar Jun 17 '20 14:06 ScriptArtist