Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWTAuth::attempt return random token if input is null #2224

Open
huynhnhathoangit opened this issue Jul 25, 2023 · 0 comments
Open

JWTAuth::attempt return random token if input is null #2224

huynhnhathoangit opened this issue Jul 25, 2023 · 0 comments

Comments

@huynhnhathoangit
Copy link

JWTAuth::attempt return random token if input is null

JWTAuth::attempt return random token if input of email & password is null

Environment

Q A
Bug? yes
Framework Laravel
Framework version 5.8
Package version 1.0.*
PHP version 7.4.29

I have this code

$token = JWTAuth::attempt(['email' => $emailOrUserName, 'password' => $password]);
Log::info($token);
if (!$token) {
$token = JWTAuth::attempt(['user_name' => $emailOrUserName, 'password' => $password]);
}
and I have 10 user with different password and same email=null.
Note that each user have difrerent user_name
image

As you can see the code I have attempt the email first with password. the problem here is it always return a token randomly from 10 user have email=null. when I test it with both param are empty,
image

But if I put any character in password param it run correct.

For sure I have to validate not empty param on client-side and api but why the JWTAuth::attempt function can return token when the case email & password both empty not happen.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@huynhnhathoangit