mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

fix(core): error invalid credentials should return 401 instead of 400 (#3254)

Charles Zhao 2023-03-01 16:56:25 +08:00 committed by GitHub
parent 04ddbadfac
commit af9cd0d164
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -33,14 +33,17 @@ export const encryptUserPassword = async (
};
export const verifyUserPassword = async (user: Nullable<User>, password: string): Promise<User> => {
assertThat(user, 'session.invalid_credentials');
assertThat(user, new RequestError({ code: 'session.invalid_credentials', status: 401 }));
const { passwordEncrypted, passwordEncryptionMethod } = user;
assertThat(passwordEncrypted && passwordEncryptionMethod, 'session.invalid_credentials');
assertThat(
passwordEncrypted && passwordEncryptionMethod,
new RequestError({ code: 'session.invalid_credentials', status: 401 })
);
const result = await argon2Verify({ password, hash: passwordEncrypted });
assertThat(result, 'session.invalid_credentials');
assertThat(result, new RequestError({ code: 'session.invalid_credentials', status: 401 }));
return user;
};
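Review bot: The missing-user and missing-hash exits in `verifyUserPassword` still return before `argon2Verify` runs, so although all three failures now share the same 401 `session.invalid_credentials` response, an unknown or password-less account is likely rejected measurably faster than a wrong password, and response time can still distinguish the cases. Consider always running one verification, against a fixed well-formed Argon2 hash when no stored hash is available, and asserting once on the combined result, as sketched below. `placeholderArgon2Hash` stands for a module-level constant that would have to be added. Separately, `passwordEncryptionMethod` is only checked for truthiness and never selects the verifier; that may be intentional while Argon2 is the only method, but it deserves a comment.

```typescript
export const verifyUserPassword = async (user: Nullable<User>, password: string): Promise<User> => {
  // Every failure path pays for one Argon2 computation, so latency does not
  // separate "no such user" / "no password set" from "wrong password".
  const storedHash = user?.passwordEncrypted || placeholderArgon2Hash;
  const matched = await argon2Verify({ password, hash: storedHash });
  assertThat(
    user?.passwordEncrypted && user.passwordEncryptionMethod && matched,
    new RequestError({ code: 'session.invalid_credentials', status: 401 })
  );
  return user;
};
```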