Error message should not specify that password was wrong

[des-des]

https://github.com/FACN3/spend500/blob/master/src/handlers/handleLogIn.js#L33

Better: The username / password combination is incorrect.

Then we expose no information unless the user has the correct credentials

[MynahMarie]

Yep, good point :) don't want any hacker getting ideas about fuzzing the website to find a valid username and/or password :scream_cat:

[des-des]

@MynahMarie changing what happens on the client makes no difference, you need to change the behaviour on the server

https://github.com/FACN3/spend500/commit/b28c92f9f60ad0bda20e66a515f1613a148b11d9#diff-69e5731bbd0c8652e8a34fd853d544d7R35