add deprecation message to req.auth

dougwilson · dougwilson · commit f381f2d9b6e9 · 2014-07-04T00:24:01.000-04:00
diff --git a/History.md b/History.md
@@ -2,6 +2,8 @@ unreleased
 ==========
 
  * add deprecation message to `app.configure`
+ * add deprecation message to `req.auth`
+ * use `basic-auth` to parse `Authorization` header
  * deps: connect@2.22.0
    - deps: csurf@~1.3.0
    - deps: express-session@~1.6.1
diff --git a/lib/request.js b/lib/request.js
@@ -3,6 +3,8 @@
  * Module dependencies.
  */
 
+var auth = require('basic-auth');
+var deprecate = require('depd')('express');
 var http = require('http')
   , utils = require('./utils')
   , connect = require('connect')
@@ -422,20 +424,13 @@ req.__defineGetter__('ips', function(){
  */
 
 req.__defineGetter__('auth', function(){
-  // missing
-  var auth = this.get('Authorization');
-  if (!auth) return;
-
-  // malformed
-  var parts = auth.split(' ');
-  if ('basic' != parts[0].toLowerCase()) return;
-  if (!parts[1]) return;
-  auth = parts[1];
+  deprecate('req.auth: Use basic-auth module directly');
 
   // credentials
-  auth = new Buffer(auth, 'base64').toString().match(/^([^:]*):(.*)$/);
-  if (!auth) return;
-  return { username: auth[1], password: auth[2] };
+  var creds = auth(this);
+  if (!creds) return;
+
+  return { username: creds.name, password: creds.pass };
 });
 
 /**
diff --git a/package.json b/package.json
@@ -25,6 +25,7 @@
   "repository": "visionmedia/express",
   "license": "MIT",
   "dependencies": {
+    "basic-auth": "0.0.1",
     "buffer-crc32": "0.2.3",
     "connect": "2.22.0",
     "commander": "1.3.2",
