cwoloszynski
commented
10 years ago I agree. I would like to control the errors in this case. Are there other reasons in the rest of the passport framework that require this line of code?
Open andreipet opened 10 years ago
cwoloszynski
commented
10 years ago I agree. I would like to control the errors in this case. Are there other reasons in the rest of the passport framework that require this line of code?
jbltx
commented
9 years ago I agree too, I just wrote a post on stackoverflow and now I see what is my problem... Something like this would be good :
passport.use('local-login', new LocalStrategy({
usernameField: 'email',
passReqToCallback: true,
allowNoField: true
}, callback);Here is my question : http://stackoverflow.com/questions/27464091/passport-strategy-without-fields
NemoStein
commented
9 years ago @jbltx Looking forward for your pull request #91 get merged.
kimmobrunfeldt
commented
9 years ago Agreed! This would be useful feature.
vuaru
commented
8 years ago Just discovered this myself. :+1:
alexlawrence
commented
8 years ago +1
N0bl3
commented
8 years ago Discovered that having 0 or 1 field only filled would do unexpected and even worse SILENT behaviour. Looked for 2 hours in my code before looking at the module. In my opinion, passport should send an error when there are not enough field filled.
Aranir
commented
7 years ago I agree, also had this issue.
Silently failing when empty username and passwords are provided is potentially dangerous.
It seems there hasn't been any development on this?
Hello? Can we remove:
if (!username || !password) { return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400); }
_verify callback is not called in this case and I don't see why not. I don't want to set empty user name or password but I want to always do some sets in verify callback. Thank you.