Bug: Password field cannot be empty
relativityboy opened this issue · 0 comments
relativityboy commented
In some cases users may need to have a password that is `''`. passport-local fails with the message `Missing credentials` in this case.
This error is wrong, as the password property is present on `req.body`.
A zero length password can be useful in testing, initial signup on a closed network, etc.
Expected behavior
When the 'username' and 'password' properties are present on `req.body`, the validation function should be called, unless those properties are undefined.
Actual behavior
If `req.body.$passwordField` is `''`, the validation function is not called.
Steps to reproduce
Instantiate any app and pass a password of zero-length when logging in.
Slightly contrived example.
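```js
const passport = require('passport')
const LocalStrategy = require('passport-local').Strategy

passport.use(new LocalStrategy(
  {
    usernameField: 'email',
    passwordField: 'password'
  },
  (email, password, done) => {
    // Per this report, not invoked when the submitted password is ''
    console.log('LocalStrategy', email, password)
    if (email !== 'admin') return done(null, false, { message: 'Incorrect username.' })
    if (password !== '') return done(null, false, { message: 'Password should be empty.' })
    // Both checks passed: report success
    return done(null, { email })
  }))
```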
Environment
- Operating System:
- Node version: 10.x
- passport version: 0.4.0
- passport-local version: 1.0.0
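
The difference between a truthiness check and an explicit presence check on the credential fields, as an added example that is not part of the original issue and is not passport-local's source. `looseGate`, `strictGate`, `authenticate` and `runAll` are hypothetical names, and the request bodies are constructed.

```javascript
// Simplified model of a local-strategy credential gate (assumption: not library code).

// Truthiness check: '', 0, null and undefined are all treated as "missing".
const looseGate = (v) => Boolean(v);
// Presence check: only undefined/null count as missing, so '' reaches verify.
const strictGate = (v) => v !== undefined && v !== null;

function authenticate(body, gate, verify) {
  const { email, password } = body;
  if (!gate(email) || !gate(password)) {
    return { status: 400, message: 'Missing credentials', verifyCalled: false };
  }
  let result;
  verify(email, password, (err, user, info) => {
    result = user
      ? { status: 200, user, verifyCalled: true }
      : { status: 401, message: info && info.message, verifyCalled: true };
  });
  return result;
}

// Verify callback from the issue, with a success branch added.
function verify(email, password, done) {
  if (email !== 'admin') return done(null, false, { message: 'Incorrect username.' });
  if (password !== '') return done(null, false, { message: 'Password should be empty.' });
  return done(null, { email });
}

// Constructed request bodies.
const samples = {
  emptyPassword: { email: 'admin', password: '' },
  noPassword: { email: 'admin' },
  wrongPassword: { email: 'admin', password: 'hunter2' },
};

// Run every sample through the given gate and collect the outcomes by name.
function runAll(gate) {
  const out = {};
  for (const [name, body] of Object.entries(samples)) {
    out[name] = authenticate(body, gate, verify);
  }
  return out;
}

console.log('loose ', runAll(looseGate));
console.log('strict', runAll(strictGate));
```

With the presence check, a zero-length password is handed to the verify callback, so that callback becomes the only place that decides whether an empty password is acceptable.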