Currently, when a user tries to login.
If the username is incorrect, the server replies with a 404 error.
If the password is incorrect, the server replies "Unauthorized", "Credential mismatch"
The server should not use 404 for "user not found" in this case, and reply with the exact same response in both cases
hanmindev
commented
1 year ago
Description
Currently, when a user tries to login. If the username is incorrect, the server replies with a 404 error. If the password is incorrect, the server replies "Unauthorized", "Credential mismatch"
The server should not use 404 for "user not found" in this case, and reply with the exact same response in both cases