diff --git a/examples/auth/index.js b/examples/auth/index.js
index b8e854300c..70110891ad 100644
--- a/examples/auth/index.js
+++ b/examples/auth/index.js
@@ -59,14 +59,14 @@ function authenticate(name, pass, fn) {
 if (!module.parent) console.log('authenticating %s:%s', name, pass);
 var user = users[name];
 // query the db for the given username
- if (!user) return fn(new Error('cannot find user'));
+ if (!user) return fn(null, null)
 // apply the same algorithm to the POSTed password, applying
 // the hash against the pass / salt, if there is a match we
 // found the user
 hash({ password: pass, salt: user.salt }, function (err, pass, salt, hash) {
 if (err) return fn(err);
 if (hash === user.hash) return fn(null, user)
- fn(new Error('invalid password'));
+ fn(null, null)
 });
 }
 
@@ -99,8 +99,9 @@ app.get('/login', function(req, res){
 res.render('login');
 });
 
-app.post('/login', function(req, res){
+app.post('/login', function (req, res, next) {
 authenticate(req.body.username, req.body.password, function(err, user){
+ if (err) return next(err)
 if (user) {
 // Regenerate session when signing in
 // to prevent fixation
diff --git a/test/acceptance/auth.js b/test/acceptance/auth.js
index 9a36ea45fe..d7838755a0 100644
--- a/test/acceptance/auth.js
+++ b/test/acceptance/auth.js
@@ -22,7 +22,7 @@ describe('auth', function(){
 .expect(200, /
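Review bot: In authenticate() (examples/auth/index.js, first hunk), the `if (!user) return fn(null, null)` path returns before hash() runs, so an unknown name and a wrong password now give the same result but still differ in how much work the server does, and that shows up as a response-time difference. If the change is meant to stop revealing which names exist, the missing-user path should also run hash() against a fixed placeholder salt before calling `fn(null, null)`. Separately, the context line `console.log('authenticating %s:%s', name, pass)` writes the submitted password to the log in clear text; logging only `name` would be safer for anyone copying this example. The function's opening line lies outside the hunk.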
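Review bot: The new `if (err) return next(err)` in the POST /login handler (examples/auth/index.js, second hunk) passes hashing errors to the app's error middleware, and none is visible in this hunk. Express's built-in handler includes the stack trace in the response unless NODE_ENV is production, so the example should either register its own error handler or carry a comment such as `// errors go to the app's error middleware; do not expose details to the client`. As a style point, `function (req, res, next) {` now uses different spacing from `function(err, user){` on the next line, and `next(err)` lacks the semicolon that `res.render('login');` has. The callback body continues past the end of the hunk.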