X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fauthenticator.js;h=4449a94b700889f5c2196b77c91872ed0b52d26d;hb=70645846baf3aa9ecb7f6f49de143a4282128a73;hp=c388ee883c60bb0fa79380696b87b9894528d209;hpb=a44a8c411be1831e7b2418212ee0b295206ca27a;p=squeep-authentication-module
diff --git a/lib/authenticator.js b/lib/authenticator.js
index c388ee8..4449a94 100644
--- a/lib/authenticator.js
+++ b/lib/authenticator.js
@@ -66,10 +66,14 @@ class Authenticator {
 */
 async isValidIdentifierCredential(identifier, credential, ctx) {
 const _scope = _fileScope('isValidIdentifierCredential');
- this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat(credential.length), ctx });
+ this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat((credential || '').length), ctx });
 let isValid = false;
+ if (typeof credential === 'undefined') {
+ return isValid;
+ }
+
 await this.db.context(async (dbCtx) => {
 const authData = await this.db.authenticationGet(dbCtx, identifier);
 if (!authData) {
@@ -266,8 +270,9 @@ class Authenticator {
 const cookieParts = [
 sessionCookie,
 'HttpOnly',
- `Path=${this.options.dingus.proxyPrefix}/`,
 `Max-Age=${this.cookieLifespan}`,
+ 'SameSite=Lax',
+ `Path=${this.options.dingus.proxyPrefix}/`,
 ];
 if (this.options.authenticator.secureAuthOnly) {
 cookieParts.push('Secure');
@@ -282,6 +287,7 @@ class Authenticator {
 `${Enum.SessionCookie}=""`,
 'HttpOnly',
 'Max-Age=0',
+ 'SameSite=Lax',
 `Path=${this.options.dingus.proxyPrefix}/`,
 ];
 if (this.options.authenticator.secureAuthOnly) {
@@ -385,4 +391,4 @@ class Authenticator {
 }
-module.exports = Authenticator;
\ No newline at end of file
+module.exports = Authenticator;
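Review bot: The early return added to `isValidIdentifierCredential` only covers `undefined`, while the updated debug line already tolerates any falsy credential via `(credential || '')`; a `null` or other non-string credential therefore still proceeds into the `this.db.context` callback, whose body continues outside this hunk. If credentials are always expected to be strings, a stricter guard such as `if (typeof credential !== 'string') { return isValid; }` would fail closed before any lookup or verification runs. Separately, the masked value `'*'.repeat(...)` still writes the credential's length to the debug log; a fixed placeholder such as `credential: '***'` would avoid recording it.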
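Review bot: `'SameSite=Lax'` is now a literal repeated in both the session-setting cookie list in the `@@ -266,8 +270,9 @@` hunk and the cookie-clearing list in the `@@ -282,6 +287,7 @@` hunk, with nothing recording why Lax was chosen over Strict. Lax still attaches the session cookie to top-level cross-site GET navigations, so it only protects if no state-changing route answers to GET; a comment such as `// Lax: cookie must accompany top-level navigations back to this service; state-changing routes must not be GET` would make that assumption explicit (the rationale is inferred, so confirm it before adopting the wording). Hoisting the value to one shared constant would keep the set and clear paths from drifting apart, since a clearing cookie whose attributes differ from the original may not be handled consistently by every browser. Both arrays sit in methods that start and end outside these hunks, where `Secure` is still appended only when `secureAuthOnly` is set.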