passport-local

Username And Password.

Open andreipet opened this issue 10 years ago • 8 comments

Hello? Can we remove:

if (!username || !password) {
    return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);
}

The _verify callback is not called in this case, and I don't see why not. I don't want to set an empty user name or password, but I want to always do some sets in the verify callback. Thank you.

andreipet, May 06 '14 13:05

I agree. I would like to control the errors in this case. Are there other reasons in the rest of the passport framework that require this line of code?

cwoloszynski, Nov 29 '14 17:11

I agree too. I just wrote a post on Stack Overflow and now I see what my problem is... Something like this would be good:

passport.use('local-login', new LocalStrategy({
    usernameField: 'email',
    passReqToCallback: true,
    allowNoField: true // proposed option
}, callback));

Here is my question: http://stackoverflow.com/questions/27464091/passport-strategy-without-fields

jbltx, Dec 13 '14 22:12

@jbltx Looking forward to your pull request #91 getting merged.

NemoStein, Feb 03 '15 15:02

Agreed! This would be a useful feature.

kimmobrunfeldt, Sep 16 '15 09:09

Just discovered this myself. :+1:

vuaru, Dec 17 '15 12:12

+1

alexlawrence, Feb 04 '16 12:02

Discovered that having only 0 or 1 fields filled results in unexpected and, even worse, SILENT behaviour. Looked for 2 hours in my code before looking at the module. In my opinion, passport should send an error when there are not enough fields filled.

N0bl3, Oct 06 '16 22:10

I agree, also had this issue.

Silently failing when empty username and passwords are provided is potentially dangerous.

It seems there hasn't been any development on this?

Aranir, Jul 28 '17 15:07
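
The check quoted at the top of the thread fails the request with a 400 and 'Missing credentials' without calling the verify callback. The sketch below is an added example, not part of the thread or of passport-local's code: a middleware placed in front of the strategy that makes that case explicit and still runs a hook on every rejected attempt. It assumes an Express-style `(req, res, next)` signature with a body parser populating `req.body`; `requireCredentials`, `onReject` and `simulate` are hypothetical names.

```javascript
// Added example: Express-style middleware to run before
// passport.authenticate('local'). All names are hypothetical.
function requireCredentials(options = {}) {
  const usernameField = options.usernameField || 'username';
  const passwordField = options.passwordField || 'password';
  const onReject = options.onReject || (() => {});

  // A field counts as present only if it is a non-empty string; arrays or
  // objects produced by body parsers (e.g. username[]=a) are rejected too.
  const problem = (body, field) => {
    const value = body[field];
    if (value === undefined || value === null) return 'missing';
    if (typeof value !== 'string') return 'not a string';
    if (value === '') return 'empty';
    return null;
  };

  return function (req, res, next) {
    const body = req.body || {};
    const errors = {};
    for (const field of [usernameField, passwordField]) {
      const reason = problem(body, field);
      if (reason) errors[field] = reason;
    }
    if (Object.keys(errors).length === 0) return next();

    // Runs on every rejected attempt, so counters, rate limiting or audit
    // logging still happen even though the verify callback will not run.
    onReject(req, errors);
    res.statusCode = 400;
    res.setHeader('Content-Type', 'application/json');
    res.end(JSON.stringify({ error: 'Missing credentials', fields: errors }));
  };
}

// Constructed request/response doubles so the example runs without Express.
function simulate(body, options) {
  const result = { nextCalled: false, status: null, payload: null, rejected: null };
  const req = { body };
  const res = {
    statusCode: 200,
    setHeader() {},
    end(text) { result.status = this.statusCode; result.payload = JSON.parse(text); },
  };
  const opts = Object.assign({ onReject: (r, errs) => { result.rejected = errs; } }, options);
  requireCredentials(opts)(req, res, () => { result.nextCalled = true; });
  return result;
}
```

Mount it on the login route ahead of `passport.authenticate(...)`, with the same field names the strategy is configured with.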