mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
fix(core): throw invalid credentials for empty password users (#2436)
This commit is contained in:
parent
ec2492700d
commit
d81b751f9b
1 changed files with 1 additions and 1 deletions
|
@ -48,7 +48,7 @@ export const verifyUserPassword = async (user: Nullable<User>, password: string)
|
|||
assertThat(user, 'session.invalid_credentials');
|
||||
const { passwordEncrypted, passwordEncryptionMethod } = user;
|
||||
|
||||
assertThat(passwordEncrypted && passwordEncryptionMethod, 'session.invalid_sign_in_method');
|
||||
assertThat(passwordEncrypted && passwordEncryptionMethod, 'session.invalid_credentials');
|
||||
|
||||
const result = await argon2Verify({ password, hash: passwordEncrypted });
|
||||
|
||||
|
|
Loading…
Reference in a new issue