The front-end was previously sending up the username for both the username and password. Since the users in the TestUsers.Users collection on the back-end have the same password as their username, this was allowing someone to login using an invalid password.
brockallen
commented
2 years ago
The front-end was previously sending up the username for both the username and password. Since the users in the
TestUsers.Userscollection on the back-end have the same password as their username, this was allowing someone to login using an invalid password.