Mirrors/cloudcmd
1
0
Fork 0
mirror of https://github.com/coderaiser/cloudcmd.git synced 2026-01-23 10:45:47 +00:00
Code Issues Projects Releases Wiki Activity

fix(auth) blank password results in inability to authenticate

Browse source 
Found myself in a vicious loop if I failed to type in a password when prompted in Chrome. Every refresh of the page would fall into the criton check with a blank password. Seems Chrome wouldn't clear the headers until I closed the browser and/or switched to a new incognito tab. Probably a user error, but still, this avoided the criton throw.
This commit is contained in:
Eric Anderson 2016-09-05 12:36:30 -05:00 committed by coderaiser
parent 2164a025f3
commit eceb0ac2af
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lib/server/auth.js
View file

@ -29,14 +29,18 @@
}
function check(username, password, callback) {
var sameName,
var BAD_CREDENTIALS = false,
sameName,
samePass,
name = config('username'),
pass = config('password'),
algo = config('algo');
sameName = username === name;
samePass = pass === criton(password, algo);
if (!password)
return callback(BAD_CREDENTIALS);
sameName = username === name;
samePass = pass === criton(password, algo);
callback(sameName && samePass);
}