Open FlorianSW opened 7 years ago
Can we please merge this in? This fixes a critical issue for an application I'm working on.
Please merge this PR we need this fix asap
Any reason why this hasn't been merged? IMO it's also a sec issue since it lowers entropy of passwords. Users can base64 encode to get around this I suppose, but it's not ideal
I think this project might just be dead given this PR has been up for 7 years, and the original issue (https://github.com/jaredhanson/passport-http/issues/20) + PR (https://github.com/jaredhanson/passport-http/pull/21) have been up for over 10 years.
A colon is a valid character in the password, however currently the chars including and after the colon are stripped of the password which leads in false-positives (user can't login even if the password is correct). This commit fixes that.
Fixes #20