Passport v0.5.0
This release improves Passport’s internals to avoid monkey patching Node.js core modules. In prior versions of Passport, the IncomingMessage
class of the HTTP module was patched, adding login()
, logIn()
, logout()
, logOut()
, isAuthenticated()
, and isUnauthenticated()
functions to the prototype. While this technique does not typically cause any problems, it isn’t behavior that is expected from well-behaved modules existing in a broader ecosystem.
Given that, this technique is no longer applied in v0.5.0. Instead, these functions are added directly to req
as they pass through middleware — specifically passport.initialize()
middleware. This follows the patterns established by other Express middleware, such ascsurf
.
Unless you are in an unusual situation where your application require()
s Passport, but doesn’t actually use its middleware, this shouldn’t be a breaking change.
This releases also fixes a potential race condition in situations where passport.initialize()
is used multiple times within an application with different values for the userProperty
option.