fix(authentication-local): adds error handling for undefined/null pas…

…sword field (#2444)
feathersjs · Sep 12, 2021 · 4323f98 · 4323f98
1 parent 6c972f0
commit 4323f98
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/packages/authentication-local/src/strategy.ts b/packages/authentication-local/src/strategy.ts
@@ -119,9 +119,14 @@ export class LocalStrategy extends AuthenticationBaseStrategy {
   }
 
   async authenticate (data: AuthenticationRequest, params: Params) {
-    const { passwordField, usernameField, entity } = this.configuration;
+    const { passwordField, usernameField, entity, errorMessage } = this.configuration;
     const username = data[usernameField];
     const password = data[passwordField];
+
+    if (!password) { // exit early if there is no password
+      throw new NotAuthenticated(errorMessage);
+    }
+
     const result = await this.findEntity(username, omit(params, 'provider'));
 
     await this.comparePassword(result, password);

diff --git a/packages/authentication-local/test/strategy.test.ts b/packages/authentication-local/test/strategy.test.ts
@@ -97,6 +97,20 @@ describe('@feathersjs/authentication-local/strategy', () => {
     }
   });
 
+  it('fails when password is not provided', async () => {
+    const authService = app.service('authentication');
+    try {
+      await authService.create({
+        strategy: 'local',
+        email,
+      });
+      assert.fail('Should never get here');
+    } catch (error) {
+      assert.strictEqual(error.name, 'NotAuthenticated');
+      assert.strictEqual(error.message, 'Invalid login');
+    }
+  });
+
   it('fails when password field is not available', async () => {
     const userEmail = 'someuser@localtest.com';
     const authService = app.service('authentication');