From 46963e941484782f6f6910597cabe005d36edcf3 Mon Sep 17 00:00:00 2001
From: Mohit
Date: Mon, 6 Sep 2021 17:52:35 +0530
Subject: [PATCH] fix(authentication-local): adds error handling for undefined/null password field
---
 packages/authentication-local/src/strategy.ts | 7 ++++++-
 .../authentication-local/test/strategy.test.ts | 14 ++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/packages/authentication-local/src/strategy.ts b/packages/authentication-local/src/strategy.ts
index 2cb5cee61b..354ca80d88 100644
--- a/packages/authentication-local/src/strategy.ts
+++ b/packages/authentication-local/src/strategy.ts
@@ -119,9 +119,14 @@ export class LocalStrategy extends AuthenticationBaseStrategy {
 }
 async authenticate (data: AuthenticationRequest, params: Params) {
- const { passwordField, usernameField, entity } = this.configuration;
+ const { passwordField, usernameField, entity, errorMessage } = this.configuration;
 const username = data[usernameField];
 const password = data[passwordField];
+
+ if (!password) { // exit early if there is no password
+ throw new NotAuthenticated(errorMessage);
+ }
+
 const result = await this.findEntity(username, omit(params, 'provider'));
 await this.comparePassword(result, password);
diff --git a/packages/authentication-local/test/strategy.test.ts b/packages/authentication-local/test/strategy.test.ts
index 579534106c..0fd7e70029 100644
--- a/packages/authentication-local/test/strategy.test.ts
+++ b/packages/authentication-local/test/strategy.test.ts
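Review bot: The new guard `if (!password)` in `authenticate` rejects only falsy values, so a truthy non-string taken from the request body (an object, array, number or `true`) still reaches `comparePassword`. That helper is outside this hunk, so how it treats a non-string is not visible here; if it throws a generic error, the client sees something other than the uniform `NotAuthenticated(errorMessage)`. If only string passwords are meant to be accepted, the check could read `if (typeof password !== 'string' || password.length === 0) {`. `username` is still handed to `findEntity` without an equivalent check, which is worth confirming against that method. The body of `authenticate` continues past the end of the hunk.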
@@ -97,6 +97,20 @@ describe('@feathersjs/authentication-local/strategy', () => {
 }
 });
+ it('fails when password is not provided', async () => {
+ const authService = app.service('authentication');
+ try {
+ await authService.create({
+ strategy: 'local',
+ email,
+ });
+ assert.fail('Should never get here');
+ } catch (error) {
+ assert.strictEqual(error.name, 'NotAuthenticated');
+ assert.strictEqual(error.message, 'Invalid login');
+ }
+ });
+
 it('fails when password field is not available', async () => {
 const userEmail = 'someuser@localtest.com';
 const authService = app.service('authentication');
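Review bot: The added test covers only a request that omits the password key, while the commit title names both undefined and null, and the `!password` guard also rejects an empty string. Cases that send `password: null` and `password: ''` and expect the same `NotAuthenticated` / `'Invalid login'` result would pin the guard's full behaviour. Because `assert.fail('Should never get here')` sits inside the `try`, a missing rejection shows up only as a name mismatch in the `catch`. Assuming `assert` here is Node's assert module, `await assert.rejects(authService.create({ strategy: 'local', email }), { name: 'NotAuthenticated', message: 'Invalid login' });` would report it directly.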