angular2-authentication-sample icon indicating copy to clipboard operation
angular2-authentication-sample copied to clipboard

Published 20 hours ago verified publisher icon auth0-blog

Getting access to secured API, even if logged out

Open neilyoung opened this issue 9 years ago • 2 comments

After successful Login/Logout sequence I can login again by providing the correct username together with a wrong password.

neilyoung avatar Jan 11 '16 22:01 neilyoung

I think it is a matter of wrong logical operator precedence. Change line 47 in backend/user-routes.js to

if (!(user.password === req.body.password)) {

neilyoung avatar Jan 11 '16 22:01 neilyoung

I can't seem to reproduce this--I can't log back in with the correct username but wrong password.

chenkie avatar Feb 26 '16 04:02 chenkie