[auth] inconsistency

[ghost]

The way it is implemented gives inconsistent results in the moment auth is called with one of the arguments empty and when both arguments are filled in but user can't be authenticated. In the first case we get back SUCCESS and in the second we get proper result with ERROR with username or password incorrect message. In my opinion this should return always error. The issue here is this line in relax: if(cfg.user && cfg.pass)

Additionally if we have auth we also should have corresponding session deleting function (unauth?). Even if it is very easy to achieve with relax it would be more consistent to have it separately or maybe use auth with empty params instead.

if you agree on this I can do necessary changes.

cheers,
Artur

[PatrickHeneise]

Agree. Sorry, didn't have the time yet to continue on the issue.

[dscape]

Yup please do submit a patch and tests if possible. Thank you
On Oct 31, 2011 6:51 PM, "tarantoga" <
reply@reply.github.com>
wrote:

The way it is implemented gives inconsistent results in the moment auth is
called with one of the arguments empty and when both arguments are filled
in but user can't be authenticated. In the first case we get back SUCCESS
and in the second we get proper result with ERROR with username or password
incorrect message. In my opinion this should return always error. The issue
here is this line in relax: if(cfg.user && cfg.pass)

Additionally if we have auth we also should have corresponding session
deleting function (unauth?). Even if it is very easy to achieve with relax
it would be more consistent to have it separately or maybe use auth with
empty params instead.

if you agree on this I can do necessary changes.

cheers,
Artur

Reply to this email directly or view it on GitHub:
#31