From a86ae5b614c434a072405d19897586680b63e062 Mon Sep 17 00:00:00 2001
From: Mikael Finstad <finstaden@gmail.com>
Date: Thu, 23 Mar 2023 14:10:32 +0900
Subject: [PATCH] Treat also `undefined` as null and false

in deserializeUser

prevent obscure issues like https://github.com/jaredhanson/passport/issues/6#issuecomment-44775039 https://github.com/jaredhanson/passport/issues/6#issuecomment-572817390
---
 lib/authenticator.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/authenticator.js b/lib/authenticator.js
index 98e663c7..83267c08 100644
--- a/lib/authenticator.js
+++ b/lib/authenticator.js
@@ -352,7 +352,7 @@ Authenticator.prototype.deserializeUser = function(fn, req, done) {
     if (err || user) { return done(err, user); }
     // a valid user existed when establishing the session, but that user has
     // since been removed
-    if (user === null || user === false) { return done(null, false); }
+    if (user == null || user === false) { return done(null, false); }
     
     var layer = stack[i];
     if (!layer) {