Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-06 20:40:08 -05:00
Code Issues Activity

fix(core): throw invalid credentials for empty password users (#2436)

Browse source
This commit is contained in:
wangsijie 2022-11-15 10:56:48 +08:00 committed by GitHub
parent ec2492700d
commit d81b751f9b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
packages/core/src/lib/user.ts
View file

@ -48,7 +48,7 @@ export const verifyUserPassword = async (user: Nullable<User>, password: string)
assertThat(user, 'session.invalid_credentials'); assertThat(user, 'session.invalid_credentials');
const { passwordEncrypted, passwordEncryptionMethod } = user; const { passwordEncrypted, passwordEncryptionMethod } = user;
assertThat(passwordEncrypted && passwordEncryptionMethod, 'session.invalid_sign_in_method'); assertThat(passwordEncrypted && passwordEncryptionMethod, 'session.invalid_credentials');
const result = await argon2Verify({ password, hash: passwordEncrypted }); const result = await argon2Verify({ password, hash: passwordEncrypted });