X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fauthenticator.js;h=ba5d9217a86ca03efdaebd07c7b833338ddc7cce;hb=681ff60618195ab6754e5b8718a32e53ab2222ec;hp=0c0c349b7288af20f0fc7df421c91aeddd61a3dc;hpb=5b90f0a97b1f49b19d395ffe2cf14dda12d87fc9;p=squeep-authentication-module diff --git a/lib/authenticator.js b/lib/authenticator.js index 0c0c349..ba5d921 100644 --- a/lib/authenticator.js +++ b/lib/authenticator.js @@ -51,7 +51,8 @@ class Authenticator { throw new Error('no authentication mechanisms available'); } - this.mysteryBox = new MysteryBox(logger, options); + this.mysteryBox = new MysteryBox(options); + this.mysteryBox.on('statistics', common.mysteryBoxLogger(logger, _fileScope(this.constructor.name))); this.cookieLifespan = options.authenticator.inactiveSessionLifespanSeconds || 60 * 60 * 24 * 32; } @@ -66,10 +67,14 @@ class Authenticator { */ async isValidIdentifierCredential(identifier, credential, ctx) { const _scope = _fileScope('isValidIdentifierCredential'); - this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat(credential.length), ctx }); + this.logger.debug(_scope, 'called', { identifier, credential: '*'.repeat((credential || '').length), ctx }); let isValid = false; + if (typeof credential === 'undefined') { + return isValid; + } + await this.db.context(async (dbCtx) => { const authData = await this.db.authenticationGet(dbCtx, identifier); if (!authData) { @@ -82,7 +87,7 @@ class Authenticator { && this.authnEnabled.includes('pam')) { isValid = this._isValidPAMIdentifier(identifier, credential); } else { - this.logger.error(_scope, 'failed, unknown type of stored credential', { identifier, ctx }); + this.logger.error(_scope, 'failed, unknown or unsupported type of stored credential', { identifier, ctx }); } } 
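Review bot: The new early return in `isValidIdentifierCredential` (hunk @@ -66) only covers `undefined`, so a `null` or other non-string credential still reaches the stored-credential checks further down, even though the debug line already tolerates one via `(credential || '')`. If credentials are always expected to be strings, `if (typeof credential !== 'string') { return isValid; }` closes that gap in one place. The early return is also silent, so a rejected attempt with a missing credential leaves only the 'called' debug entry; a short debug message before the `return` would make it visible in logs. The function body continues past the end of the hunk, so what the later checks do with such values cannot be seen here.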
@@ -184,7 +189,7 @@ class Authenticator {
 (cookieHeader || '').split(/; */).forEach((field) => {
 const [ name, value ] = common.splitFirst(field, '=', null).map((x) => x && decodeURIComponent(x.trim()));
 if (name && !(name in cookie)) {
- if (value && value.startsWith('"') && value.endsWith('"')) {
+ if (value?.startsWith('"') && value.endsWith('"')) {
 cookie[name] = value.slice(1, -1); // eslint-disable-line security/detect-object-injection
 } else {
 cookie[name] = value; // eslint-disable-line security/detect-object-injection
@@ -270,7 +275,7 @@ class Authenticator {
 'SameSite=Lax',
 `Path=${this.options.dingus.proxyPrefix}/`,
 ];
- if (this.options.authenticator.secureAuthOnly) {
+ if (this.secureAuthOnly) {
 cookieParts.push('Secure');
 }
 res.setHeader(Enum.Header.SetCookie, cookieParts.join('; '));
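Review bot: In the cookie-parsing hunk (@@ -184), the context line that maps each field through `decodeURIComponent(x.trim())` runs on a client-supplied Cookie header, and `decodeURIComponent` throws a URIError on a malformed percent sequence. No try/catch is visible in the hunk, and the enclosing function starts and ends outside it, so whether a caller handles this cannot be seen here. If nothing does, decoding inside a small try/catch that treats an undecodable field as absent keeps one malformed cookie from becoming an unhandled error on every authenticated route. The `value?.startsWith` change itself behaves the same as the old `value &&` test.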
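Review bot: In the Set-Cookie hunk (@@ -270), the `Secure` attribute now depends on `this.secureAuthOnly`, but no assignment to that property appears anywhere in this diff, including the constructor hunk at @@ -51. If the constructor does not already set it from `options.authenticator.secureAuthOnly` in lines outside the hunks, the test is always falsy and the session cookie is issued without `Secure`, with no error to signal it. It is worth confirming the assignment exists and adding a test that asserts `Secure` appears in the Set-Cookie header when the option is enabled. A comment at the assignment, such as `// when set, session cookies are marked Secure`, would make the dependency easier to find.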