github/directus
1
1
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-04-25 03:00:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

Treat no password as invalid

Browse Source
This commit is contained in:
rijkvanzanten
2021-01-25 17:46:51 -05:00
parent 7abd2842d4
commit 99052add83
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/src/services/authentication.ts
View File

@@ -46,6 +46,10 @@ export class AuthenticationService {
throw new InvalidCredentialsException();
}
if (!password || !user.password) {
throw new InvalidCredentialsException();
}
if (password !== undefined && (await argon2.verify(user.password, password)) === false) {
throw new InvalidCredentialsException();
}