fix(core): error invalid credentials should return 401 instead of 400 (#3254)
parent
04ddbadfac
commit
af9cd0d164
1 changed files with 6 additions and 3 deletions
|
@ -33,14 +33,17 @@ export const encryptUserPassword = async (
|
|||
};
|
||||
|
||||
export const verifyUserPassword = async (user: Nullable<User>, password: string): Promise<User> => {
|
||||
assertThat(user, 'session.invalid_credentials');
|
||||
assertThat(user, new RequestError({ code: 'session.invalid_credentials', status: 401 }));
|
||||
const { passwordEncrypted, passwordEncryptionMethod } = user;
|
||||
|
||||
assertThat(passwordEncrypted && passwordEncryptionMethod, 'session.invalid_credentials');
|
||||
assertThat(
|
||||
passwordEncrypted && passwordEncryptionMethod,
|
||||
new RequestError({ code: 'session.invalid_credentials', status: 401 })
|
||||
);
|
||||
|
||||
const result = await argon2Verify({ password, hash: passwordEncrypted });
|
||||
|
||||
assertThat(result, 'session.invalid_credentials');
|
||||
assertThat(result, new RequestError({ code: 'session.invalid_credentials', status: 401 }));
|
||||
|
||||
return user;
|
||||
};
|
||||
|
|
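Review bot: The two early `assertThat` calls in `verifyUserPassword` throw before `argon2Verify` runs, so a request for an unknown user, or for a user with no stored password hash, likely finishes much faster than one that fails on a wrong password. The uniform `session.invalid_credentials` / 401 response hides which case occurred, but if this function backs an unauthenticated sign-in route, the response time may still reveal whether an account exists. Consider always running one Argon2 verification, for example `const result = await argon2Verify({ password, hash: user?.passwordEncrypted ?? PLACEHOLDER_HASH });` where `PLACEHOLDER_HASH` stands for a fixed precomputed hash (the name is a placeholder), and raising the single 401 only afterwards. Separately, `passwordEncryptionMethod` is checked for truthiness but never used to select the verifier, so a comment such as `// Argon2 is the only supported method; dispatch on passwordEncryptionMethod if another is added` would make that assumption explicit.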