From 944c85bfd28dd320a5a1894b1c1a18a0a01fc18c Mon Sep 17 00:00:00 2001
From: JimMoen
Date: Tue, 19 Dec 2023 17:25:32 +0800
Subject: [PATCH 1/2] fix(conn): password can be set when username unset when mqttv5
---
 writeToStream.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/writeToStream.js b/writeToStream.js
index 74ca766..448726a 100644
--- a/writeToStream.js
+++ b/writeToStream.js
@@ -200,7 +200,7 @@ function connect (packet, stream, opts) {
 // Password
 if (password != null) {
- if (!providedUsername) {
+ if (!providedUsername && protocolVersion !== 5) {
 stream.destroy(new Error('Username is required to use password'))
 return false
 }
From 65d1cdd704bf98eb2143ddc9a3611099a98bb544 Mon Sep 17 00:00:00 2001
From: JimMoen
Date: Tue, 19 Dec 2023 18:10:16 +0800
Subject: [PATCH 2/2] chore: comment mqtt-v5 username/password
Highlight: This version of the protocol allows the sending of a Password with no User Name, where MQTT v3.1.1 did not.
refer: https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901044
> 3.1.2.9 Password Flag
> Position: bit 6 of the Connect Flags.
>
> If the Password Flag is set to 0, a Password MUST NOT be present in the Payload [MQTT-3.1.2-18]. If the Password Flag is set to 1, a Password MUST be present in the Payload [MQTT-3.1.2-19].
>
> Non-normative comment
>
> This version of the protocol allows the sending of a Password with no User Name, where MQTT v3.1.1 did not. This reflects the common use of Password for credentials other than a password.
---
 writeToStream.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/writeToStream.js b/writeToStream.js
index 448726a..a722ce9 100644
--- a/writeToStream.js
+++ b/writeToStream.js
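Review bot: The relaxed check `if (!providedUsername && protocolVersion !== 5)` only takes effect when `protocolVersion` is exactly the number 5, and its assignment lies outside this hunk, so it is worth confirming that a caller-supplied string such as `'5'` cannot reach this strict comparison; if it can, a valid v5 packet would still be refused. The diffstat shows only writeToStream.js changed, so nothing pins the new behaviour: a test that a v5 CONNECT with a password and no username is written with only the password flag set, and that v3.1.1 still fails with 'Username is required to use password', would cover both sides. Code on the receiving side that equates a missing username with an anonymous session should be re-checked as well, since v5 peers can now present a credential with no user name. `connect` continues past the end of the hunk.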
@@ -201,6 +201,8 @@ function connect (packet, stream, opts) {
 // Password
 if (password != null) {
 if (!providedUsername && protocolVersion !== 5) {
+ // `username` is not required when password is present in MQTT-v5
+ // see also: https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901044
 stream.destroy(new Error('Username is required to use password'))
 return false
 }
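Review bot: The two added comment lines sit inside the branch that rejects the packet, directly above `stream.destroy(...)`, so at that position they read as an explanation of the error while actually describing the case in which the branch is skipped. Placing them above the condition and stating both sides would be clearer, for example `// MQTT 5 allows a password without a username (spec 3.1.2.9); earlier versions do not`, followed by the existing `// see also: …` link line. The enclosing `if (password != null)` block and `connect` itself extend beyond the hunk.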