fixed lack of proper password validation

konradoboza · konradoboza · commit 18233e63bb0c · 2024-06-26T10:26:48.000+02:00
diff --git a/src/lib/Mutation/AuthenticationMutation.php b/src/lib/Mutation/AuthenticationMutation.php
@@ -38,10 +38,16 @@ public function createToken(Argument $args): array
 
         try {
             $user = $this->userService->loadUserByLogin($args['username']);
-            $this->userService->checkUserCredentials($user, $args['password']);
         } catch (NotFoundException) {
             return [
-                'message' => 'Wrong username or password',
+                'message' => 'Wrong username',
+                'token' => null,
+            ];
+        }
+
+        if (!$this->userService->checkUserCredentials($user, $args['password'])) {
+            return [
+                'message' => 'Wrong password',
                 'token' => null,
             ];
         }
