0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

fix(core): throw invalid credentials for empty password users (#2436)

This commit is contained in:
wangsijie 2022-11-15 10:56:48 +08:00 committed by GitHub
parent ec2492700d
commit d81b751f9b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -48,7 +48,7 @@ export const verifyUserPassword = async (user: Nullable<User>, password: string)
assertThat(user, 'session.invalid_credentials');
const { passwordEncrypted, passwordEncryptionMethod } = user;
assertThat(passwordEncrypted && passwordEncryptionMethod, 'session.invalid_sign_in_method');
assertThat(passwordEncrypted && passwordEncryptionMethod, 'session.invalid_credentials');
const result = await argon2Verify({ password, hash: passwordEncrypted });