search

LionC / express-basic-auth

Plug & play basic auth middleware for express
328 stars 57 forks source link

TypeError: "string" must be a string, Buffer, or ArrayBuffer #32

Closed AO19 closed 2 years ago

AO19 commented 4 years ago

Version: 1.2.0

In my project basic-auth works just fine, with a custom Authorizer for specific routes.

But when I'm using this code, 

app.get('/api/auth', basicAuth({
  users: { 'username': 'password'},
  challenge: true,
  realm: 'domain',
}))

for a unique endpoint, I'll get the following error:

TypeError: "string" must be a string, Buffer, or ArrayBuffer
    at Function.byteLength (buffer.js:481:11)
    at safeCompare (/opt/project-name/node_modules/express-basic-auth/index.js:9:33)
    at staticUsersAuthorizer (/opt/project-name/node_modules/express-basic-auth/index.js:42:43)
    at authMiddleware (/opt/project-name/node_modules/express-basic-auth/index.js:61:18)
    at Layer.handle [as handle_request] (/opt/project-name/node_modules/express/lib/router/layer.js:95:5)
    at next (/opt/project-name/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/opt/project-name/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/opt/project-name/node_modules/express/lib/router/layer.js:95:5)
    at /opt/project-name/node_modules/express/lib/router/index.js:281:22
    at Function.process_params (/opt/project-name/node_modules/express/lib/router/index.js:335:12)

Basically, what I'm doing is: User can enter a specific endpoint, the browser native challenge input pops up, after entering the credentials he gets to pass...

But I keep getting this error.

cdhowie commented 4 years ago

I cannot reproduce this issue with the code you've given.

The backtrace points to one of the values of your users object not being a string. I'm guessing that the sample code you've posted is not what you're actually using. Look at your users object and make sure that all of the values are strings.

Note that this module uses for ... in instead of for ... of to iterate this object, so it will iterate over inherited enumerable attributes. If your code or a dependency has extended Object.prototype with enumerable attributes, you would run into this problem.

makinde commented 4 years ago

FWIW, this happens for me as well. When the browser (Chrome) prompts to credentials, and I just press submit (without entering a username or password), I get this error.

kenlju commented 3 years ago

I someone else runs into this. I got this error and after some debugging I noticed I had defined a credential with undefined as password like below.

{ 
   "username": undefined
}
davidhernandeze commented 3 years ago

@kenlju you saved me hours of debugging !