search

Volst / graphql-authentication

🔑 Makes it easy to do boring authentication stuff with GraphQL (login, password reset, ...)
https://graphql-authentication-demo.now.sh/
ISC License
233 stars 15 forks source link

Distinguish login failure due to incorrect password #45

Open superhawk610 opened 5 years ago

superhawk610 commented 5 years ago

Currently, incorrect email or password input to the login mutation both throw a UserNotFoundError, with no distinction made between the two. I would like to be able to tell the user whether their login failed due to an incorrect email or incorrect password.

Relevant Code:

mutations.ts

// line 177
if (!user) {
  throw new UserNotFoundError();
}

// line 196
const valid = await bcrypt.compare(password, user.password);
if (!valid) {
  throw new UserNotFoundError();
}

I understand that this may be by design, and if so, feel free to close this. I'll create a fork for my project and open a PR in case this functionality would be useful to others.

superhawk610 commented 5 years ago

If the PR is not accepted, I've published a gitpkg at https://github.com/superhawk610/graphql-authentication. You can use it in your project like so

yarn add https://github.com/superhawk610/graphql-authentication#graphql-authentication-v0.5.5-gitpkg