Logical precedence problem fixed

auth0-blog / angular2-authentication-sample

This is a sample that shows how to add authentication to an Angular 2 (ng2) app

MIT License

966 stars 334 forks source link

Logical precedence problem fixed #45

Closed neilyoung closed 8 years ago

chenkie commented 8 years ago

Thanks for this PR :) Can you elaborate on this fix, specifically in what cases the existing code would fail? Thanks!

chanoch commented 8 years ago

Chenkie - have a look at the code. Line 47 of user-routes has the following line:

if(!user.password === req.body.password) {

This will cause user.password to be evaluated for a truthy/falsy value and then compared with req.body.password. This pull request checks for equality between the two values and then negates the result.

Did you intend the result to be false unless the password is an empty string?

neilyoung commented 8 years ago

Sorry. Didn't comment because I got no mail notification :( However, seems to be ok now :)