JWTAuth::attempt return random token if input is null

JWTAuth::attempt return random token if input of email & password is null

Environment

I have this code

$token = JWTAuth::attempt(['email' => $emailOrUserName, 'password' => $password]);
Log::info($token);
if (!$token) {
$token = JWTAuth::attempt(['user_name' => $emailOrUserName, 'password' => $password]);
}
and I have 10 user with different password and same email=null.
Note that each user have difrerent user_name

As you can see the code I have attempt the email first with password. the problem here is it always return a token randomly from 10 user have email=null. when I test it with both param are empty,

But if I put any character in password param it run correct.

For sure I have to validate not empty param on client-side and api but why the JWTAuth::attempt function can return token when the case email & password both empty not happen.