From 6d1876e596e3795ab0eebd566e45bea4c204adf5 Mon Sep 17 00:00:00 2001
From: Michael Nutt <michael@nuttnet.net>
Date: Thu, 12 Mar 2020 09:15:02 -0400
Subject: [PATCH 1/2] allow for a list of password tokens

---
 config/domains/default.js.example |  2 ++
 lib/proxy_domain.js               | 13 ++++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/config/domains/default.js.example b/config/domains/default.js.example
index de6f6b0..6a86af9 100644
--- a/config/domains/default.js.example
+++ b/config/domains/default.js.example
@@ -55,6 +55,8 @@ module.exports = {
     // Simple password login, make sure you choose a very secure password.
     // password: {
     //  token: "YOUR-PASSWORD" // any user that knows this can log in
+    //     -- or --
+    //  tokens: ["ONE-PASSWORD", "ANOTHER-PASSWORD"] // either of these can be used
     // },
 
     // Register a new oauth app on Google Apps at
diff --git a/lib/proxy_domain.js b/lib/proxy_domain.js
index 31cc722..52d7ee4 100644
--- a/lib/proxy_domain.js
+++ b/lib/proxy_domain.js
@@ -131,11 +131,14 @@ class ProxyDomain {
     passport.use(
       `${this.options.domain}-local`,
       new LocalStrategy({ tokenField: "password" }, function(token, cb) {
-        if (
-          config.token &&
-          config.token.length === token.length &&
-          safeCompare(config.token, token)
-        ) {
+        let tokens;
+        if (config.token && config.token.length) {
+          tokens = [config.token];
+        } else {
+          tokens = config.tokens || [];
+        }
+
+        if (tokens.find(t => t.length && t.length == token.length && safeCompare(t, token))) {
           log.info("Authenticated with password login");
           return cb(null, { password: { authenticated: true } });
         } else {

From 2d979f3e5acc03989847178c683045e22cd3ee16 Mon Sep 17 00:00:00 2001
From: Michael Nutt <michael@nuttnet.net>
Date: Thu, 12 Mar 2020 09:18:35 -0400
Subject: [PATCH 2/2] shorter version

---
 lib/proxy_domain.js | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/lib/proxy_domain.js b/lib/proxy_domain.js
index 52d7ee4..7ea12b9 100644
--- a/lib/proxy_domain.js
+++ b/lib/proxy_domain.js
@@ -131,12 +131,7 @@ class ProxyDomain {
     passport.use(
       `${this.options.domain}-local`,
       new LocalStrategy({ tokenField: "password" }, function(token, cb) {
-        let tokens;
-        if (config.token && config.token.length) {
-          tokens = [config.token];
-        } else {
-          tokens = config.tokens || [];
-        }
+        const tokens = config.token ? [config.token] : config.tokens || [];
 
         if (tokens.find(t => t.length && t.length == token.length && safeCompare(t, token))) {
           log.info("Authenticated with password login");