bump package version to 1.2.8

[squeep-authentication-module] / lib / authenticator.js

diff --git a/lib/authenticator.js b/lib/authenticator.js
index 0c0c349b7288af20f0fc7df421c91aeddd61a3dc..c69ada91c6ed6a5234942b1e6ae8eb92a420d7e6 100644 (file)
--- a/lib/authenticator.js
+++ b/lib/authenticator.js
@@ -66,10 +66,14 @@ class Authenticator {
    */
   async isValidIdentifierCredential(identifier, credential, ctx) {
     const _scope = _fileScope('isValidIdentifierCredential');
-    this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat(credential.length), ctx });
+    this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat((credential || '').length), ctx });
 
     let isValid = false;
 
+    if (typeof credential === 'undefined') {
+      return isValid;
+    }
+
     await this.db.context(async (dbCtx) => {
       const authData = await this.db.authenticationGet(dbCtx, identifier);
       if (!authData) {
@@ -270,7 +274,7 @@ class Authenticator {
         'SameSite=Lax',
         `Path=${this.options.dingus.proxyPrefix}/`,
       ];
-      if (this.options.authenticator.secureAuthOnly) {
+      if (this.secureAuthOnly) {
         cookieParts.push('Secure');
       }
       res.setHeader(Enum.Header.SetCookie, cookieParts.join('; '));