From 5b9f3980283d8d1a61b9ecf1f113f02e1c3d399d Mon Sep 17 00:00:00 2001
From: Eric Anderson <eric.eanderson@gmail.com>
Date: Mon, 5 Sep 2016 12:36:30 -0500
Subject: [PATCH 1/2] Update auth.js

Found myself in a vicious loop if I failed to type in a password when prompted in Chrome. Every refresh of the page would fall into the criton check with a blank password. Seems Chrome wouldn't clear the headers until I closed the browser and/or switched to a new incognito tab. Probably a user error, but still, this avoided the criton throw.
---
 lib/server/auth.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/server/auth.js b/lib/server/auth.js
index ef7b2c437b..db0bd2c3d8 100644
--- a/lib/server/auth.js
+++ b/lib/server/auth.js
@@ -36,7 +36,8 @@
             algo    = config('algo');
         
         sameName    = username === name;
-        samePass    = pass === criton(password, algo);
+        samePass    =    (password.length > 0) 
+                      && (pass === criton(password, algo));
         
         callback(sameName && samePass);
     }

From 57ea39782c021c4da23c56899cbe087c808f1634 Mon Sep 17 00:00:00 2001
From: Eric Anderson <eric.eanderson@gmail.com>
Date: Mon, 5 Sep 2016 13:13:11 -0500
Subject: [PATCH 2/2] Update auth.js (#1)

---
 lib/server/auth.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/server/auth.js b/lib/server/auth.js
index db0bd2c3d8..940b312a6f 100644
--- a/lib/server/auth.js
+++ b/lib/server/auth.js
@@ -36,8 +36,7 @@
             algo    = config('algo');
         
         sameName    = username === name;
-        samePass    =    (password.length > 0) 
-                      && (pass === criton(password, algo));
+        samePass    = (password.length > 0) && (pass === criton(password, algo));
         
         callback(sameName && samePass);
     }