From 12af31b74c3ecb2b4e98b2d34bd6f2289e1c847f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Gr=C3=B6nke?=
Date: Sun, 17 Dec 2017 23:36:03 +0100
Subject: [PATCH 1/5] explicitly expect true as sync authenticator return value

---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index ee08756..b67de60 100644
--- a/index.js
+++ b/index.js
@@ -43,7 +43,7 @@ function buildMiddleware(options) {

 if(isAsync)
 return authorizer(authentication.name, authentication.pass, authorizerCallback)
- else if(!authorizer(authentication.name, authentication.pass))
+ else if(authorizer(authentication.name, authentication.pass) !== true)
 return unauthorized()

 return next()

From 886bb7d0dffe353855b55d5a3bdfac8394008e8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Gr=C3=B6nke?=
Date: Mon, 18 Dec 2017 14:27:43 +0100
Subject: [PATCH 2/5] explicitly test for undefined default

---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index b67de60..7d5524d 100644
--- a/index.js
+++ b/index.js
@@ -2,7 +2,7 @@ const auth = require('basic-auth')
 const assert = require('assert')

 function ensureFunction(option, defaultValue) {
- if(option == undefined)
+ if(option === undefined)
 return function() { return defaultValue }

 if(typeof option != 'function')

From f9b5fc4b5ca07730f2bfd6e2da5d2508f8d94ee8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Gr=C3=B6nke?=
Date: Mon, 18 Dec 2017 14:30:21 +0100
Subject: [PATCH 3/5] refactor authorizer

---
 index.js | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/index.js b/index.js
index 7d5524d..74c48de 100644
--- a/index.js
+++ b/index.js
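Review bot: The `!== true` comparison in buildMiddleware's sync branch (PATCH 1/5) sets a fail-closed contract that the code does not state: an authorizer returning a truthy non-boolean such as `1`, a user object or a Promise now ends in `unauthorized()` instead of `next()`. A comment above the branch would keep a later cleanup from relaxing it back to a truthiness test, for example `// fail closed: only a literal true authorizes; a Promise or any other truthy value is rejected`. buildMiddleware begins and ends outside this hunk.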
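Review bot: With `=== undefined` in ensureFunction (PATCH 2/5), an explicit `null` no longer selects the default and falls through to the `typeof option != 'function'` branch, whose body lies outside the hunk. If that branch wraps the value as-is, `realm: null` or `unauthorizedResponse: null` would presumably produce null where the default was returned before. If only `undefined` is meant to count as "unset", a comment on the test would record that, for example `// null is a deliberate value; only undefined selects the default`.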
@@ -14,20 +14,20 @@ function ensureFunction(option, defaultValue) {
 function buildMiddleware(options) {
 var challenge = options.challenge != undefined ? !!options.challenge : false
 var users = options.users || {}
- var authorizer = options.authorizer || staticUsersAuthorizer
 var isAsync = options.authorizeAsync != undefined ? !!options.authorizeAsync : false
 var getResponseBody = ensureFunction(options.unauthorizedResponse, '')
 var realm = ensureFunction(options.realm)
+ var authorizer

- assert(typeof users == 'object', 'Expected an object for the basic auth users, found ' + typeof users + ' instead')
- assert(typeof authorizer == 'function', 'Expected a function for the basic auth authorizer, found ' + typeof authorizer + ' instead')
-
- function staticUsersAuthorizer(username, password) {
- for(var i in users)
- if(username == i && password == users[i])
- return true
-
- return false
+ if(options.hasOwnProperty('users')) {
+ assert(typeof users == 'object', 'Expected an object for the basic auth users, found ' + typeof users + ' instead')
+ assert(!options.authorizer, 'An users object cannot be combined with a custom authorizer')
+ authorizer = function(username, password) {
+ return users.indexOf(username) !== -1 && password === users[username]
+ }
+ } else {
+ assert(typeof options.authorizer == 'function', 'Expected a function for the basic auth authorizer, found ' + typeof authorizer + ' instead')
+ authorizer = options.authorizer
 }

 return function authMiddleware(req, res, next) {

From b5423a0d4a7863f1ec37bb89fddeb19821761497 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Gr=C3=B6nke?=
Date: Mon, 18 Dec 2017 14:40:36 +0100
Subject: [PATCH 4/5] refactor isAsync check

---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 74c48de..3e8466e 100644
--- a/index.js
+++ b/index.js
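Review bot: The generated users authorizer in buildMiddleware (PATCH 3/5) calls `users.indexOf(username)`, but `users` is asserted to be an object and defaults to `{}`, and a plain object has no `indexOf`, so the call throws a TypeError whenever the authorizer runs. An own-property test restores what the removed loop did without consulting the prototype chain: `return Object.prototype.hasOwnProperty.call(users, username) && password === users[username]`. The `===` on the password is not constant-time either, so comparing equal-length buffers with `crypto.timingSafeEqual` is worth considering to close the timing side channel. In the else branch the assertion message reads `typeof authorizer`, which is still unassigned at that point and always prints `undefined`; it should be `typeof options.authorizer`.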
@@ -14,7 +14,7 @@ function ensureFunction(option, defaultValue) {
 function buildMiddleware(options) {
 var challenge = options.challenge != undefined ? !!options.challenge : false
 var users = options.users || {}
- var isAsync = options.authorizeAsync != undefined ? !!options.authorizeAsync : false
+ var isAsync = options.hasOwnProperty(authorizeAsync) && !!options.authorizeAsync
 var getResponseBody = ensureFunction(options.unauthorizedResponse, '')
 var realm = ensureFunction(options.realm)
 var authorizer

From 8f8e90e62e8d5a5f338fe9524fe389ff5ddfc771 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Gr=C3=B6nke?=
Date: Mon, 18 Dec 2017 14:45:49 +0100
Subject: [PATCH 5/5] refactor authorizer usage

---
 index.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/index.js b/index.js
index 3e8466e..c27d273 100644
--- a/index.js
+++ b/index.js
@@ -41,12 +41,12 @@ function buildMiddleware(options) {
 password: authentication.pass
 }

+ var authorized = authorizer(authentication.name, authentication.pass, authorizerCallback)
+
 if(isAsync)
- return authorizer(authentication.name, authentication.pass, authorizerCallback)
- else if(authorizer(authentication.name, authentication.pass) !== true)
- return unauthorized()
+ return authorized

- return next()
+ return (authorized === true) ? next() : unauthorized()

 function unauthorized() {
 if(challenge) {
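Review bot: `options.hasOwnProperty(authorizeAsync)` in buildMiddleware (PATCH 4/5) passes a bare identifier that is not declared anywhere in the visible code, so building the middleware would presumably throw a ReferenceError. The property name needs quoting: `var isAsync = options.hasOwnProperty('authorizeAsync') && !!options.authorizeAsync`. Because `!!` already yields false for a missing key, `var isAsync = !!options.authorizeAsync` gives the same result and does not rely on `options` inheriting from Object.prototype. buildMiddleware continues past the end of the hunk.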
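Review bot: The single authorizer call in PATCH 5/5 now hands `authorizerCallback` to the authorizer in sync mode as well, so a sync authorizer that also invokes its third argument produces two decisions for one request: the callback's and the `authorized === true` return path. authorizerCallback is defined outside the hunk, but if it calls `next()` on approval, a request could pass through the callback while the return value denies it, or `next()` could run twice. Passing the callback only in async mode keeps the two paths separate: `var authorized = isAsync ? authorizer(authentication.name, authentication.pass, authorizerCallback) : authorizer(authentication.name, authentication.pass)`.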