JWTAuth::attempt return random token if input is null
huynhnhathoangit opened this issue · comments
JWTAuth::attempt return random token if input is null
JWTAuth::attempt return random token if input of email & password is null
Environment
Q | A |
---|---|
Bug? | yes |
Framework | Laravel |
Framework version | 5.8 |
Package version | 1.0.* |
PHP version | 7.4.29 |
I have this code
$token = JWTAuth::attempt(['email' => $emailOrUserName, 'password' => $password]);
Log::info($token);
if (!$token) {
$token = JWTAuth::attempt(['user_name' => $emailOrUserName, 'password' => $password]);
}
and I have 10 user with different password and same email=null.
Note that each user have difrerent user_name
As you can see the code I have attempt the email first with password. the problem here is it always return a token randomly from 10 user have email=null. when I test it with both param are empty,
But if I put any character in password param it run correct.
For sure I have to validate not empty param on client-side and api but why the JWTAuth::attempt function can return token when the case email & password both empty not happen.