From eadb191a5cd5730f49848e2de933d5dfc06ab7bd Mon Sep 17 00:00:00 2001
From: Juergen Albersdorfer <juergen.albersdorfer@zweiradteile.net>
Date: Fri, 13 Sep 2019 14:10:52 +0200
Subject: [PATCH] fix: LocalStrategy authenticates without username #1559

---
 packages/authentication-local/src/strategy.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packages/authentication-local/src/strategy.ts b/packages/authentication-local/src/strategy.ts
index 28faf7c56b..4f182fd612 100644
--- a/packages/authentication-local/src/strategy.ts
+++ b/packages/authentication-local/src/strategy.ts
@@ -45,6 +45,10 @@ export class LocalStrategy extends AuthenticationBaseStrategy {
 
   async findEntity (username: string, params: Params) {
     const { entityUsernameField, service, errorMessage } = this.configuration;
+    if (!username) { // don't query for users without any condition set.
+      throw new NotAuthenticated(errorMessage);
+    }
+
     const query = await this.getEntityQuery({
       [entityUsernameField]: username
     }, params);