Update auth.js

Found myself in a vicious loop if I failed to type in a password when prompted in Chrome. Every refresh of the page would fall into the criton check with a blank password. Seems Chrome wouldn't clear the headers until I closed the browser and/or switched to a new incognito tab. Probably a user error, but still, this avoided the criton throw.
coderaiser · Sep 5, 2016 · 5b9f398 · 5b9f398
1 parent 2164a02
commit 5b9f398
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/lib/server/auth.js b/lib/server/auth.js
@@ -36,7 +36,8 @@
             algo    = config('algo');
 
         sameName    = username === name;
-        samePass    = pass === criton(password, algo);
+        samePass    =    (password.length > 0) 
+                      && (pass === criton(password, algo));
 
         callback(sameName && samePass);
     }