Passport v0.5.3

This release reverts a change introduced in v0.5.1, with passport.initialize() middleware again extending requests with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions. This now correctly matches the behavior in v0.5.0, with only versions 0.5.1 and 0.5.2 having potentially breaking changes.

The change was originally introduced in order to simplify the application-level middleware stack, so that only passport.session() middleware was necessary. That middleware, instead of passport.initialize(), extended the request.

Some applications, however, do not use Passport middleware at all at the application-level, instead preferring to use the middleware only on routes that explicitly need authentication. This begs the question: how do you invoke req.login on routes, such as sign up, which don’t need authentication?

With this change, you can (as before) simply initialize Passport on these routes:

app.post('/signup', passport.initialize(), function(req, res, next) {
  db.insertUser(..., function(err, user) {
    if (err) { return next(err); }
    req.login(user, function(err) {
      if (err) { return next(err); }
      res.redirect('/');
    });
  });
});