Giters

jaredhanson / passport-http

HTTP Basic and Digest authentication strategies for Passport and Node.js.

Home Page:https://www.passportjs.org/packages/passport-http/?utm_source=github&utm_medium=referral&utm_campaign=passport-http&utm_content=about

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Password not required

jackdent opened this issue · comments

commented

Some APIs (including mine!) use HTTP Basic Auth, but read the username as an API token and ignore the password field. Notably, Stripe does this. It would be great to have the ability to pass a passwordRequired option, which defaults to true to preserve backwards compatability, but that can be set to false to disable the requirement.

From this:

var userid = credentials[0];
var password = credentials[1];
if (!userid || !password) {
    return this.fail(this._challenge());
}

To this:

var userid = credentials[0];
var password = credentials[1];
if (!userid || (options.passwordRequired && !password)) {
    return this.fail(this._challenge());
}

I'm happy to submit a pull request