fixed lack of proper password validation

ibexa · Jun 26, 2024 · 18233e6 · 18233e6
1 parent 51e57fe
commit 18233e6
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/src/lib/Mutation/AuthenticationMutation.php b/src/lib/Mutation/AuthenticationMutation.php
@@ -38,10 +38,16 @@ public function createToken(Argument $args): array
 
         try {
             $user = $this->userService->loadUserByLogin($args['username']);
-            $this->userService->checkUserCredentials($user, $args['password']);
         } catch (NotFoundException) {
             return [
-                'message' => 'Wrong username or password',
+                'message' => 'Wrong username',
+                'token' => null,
+            ];
+        }
+
+        if (!$this->userService->checkUserCredentials($user, $args['password'])) {
+            return [
+                'message' => 'Wrong password',
                 'token' => null,
             ];
         }