tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.23k stars 1.55k forks

JWTAuth::attempt returns a random token if input is null #2224

Open huynhnhathoangit opened 11 months ago

huynhnhathoangit commented 11 months ago

JWTAuth::attempt returns a random token if input is null

JWTAuth::attempt returns a random token if the input of email & password is null

Environment

| Q | A |
| --- | --- |
| Bug? | yes |
| Framework | Laravel |
| Framework version | 5.8 |
| Package version | 1.0.* |
| PHP version | 7.4.29 |

I have this code:

```php
$token = JWTAuth::attempt(['email' => $emailOrUserName, 'password' => $password]);
Log::info($token);
if (!$token) {
    $token = JWTAuth::attempt(['user_name' => $emailOrUserName, 'password' => $password]);
}
```

and I have 10 users with different passwords and the same email=null. Note that each user has a different user_name.

As you can see in the code, I attempt the email first with the password. The problem here is that it always returns a token randomly from the 10 users that have email=null when I test it with both params empty.

But if I put any character in the password param, it runs correctly.

For sure I have to validate that the params are not empty on the client side and in the API, but why can the JWTAuth::attempt function return a token in the case where email & password are both empty, which should not happen?
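Added example, not part of the original post and not jwt-auth's own code: a server-side guard for the email / user_name fallback shown above that refuses null or empty credentials before any lookup runs. `loginWithGuard` and `$fakeAttempt` are hypothetical names; `$fakeAttempt` is a constructed stand-in that imitates the behaviour reported in the issue, and in an application the callable would wrap `JWTAuth::attempt`.

```php
<?php
declare(strict_types=1);

/**
 * Reject null or empty credentials, then try email and fall back to user_name.
 * $attempt is a stand-in for JWTAuth::attempt (assumption: it takes a
 * credentials array and returns a token string or false).
 */
function loginWithGuard(?string $emailOrUserName, ?string $password, callable $attempt)
{
    $identifier = trim((string) $emailOrUserName);
    // The password is not trimmed: whitespace may be significant.
    if ($identifier === '' || $password === null || $password === '') {
        return false; // empty input never reaches the user lookup
    }
    foreach (['email', 'user_name'] as $field) {
        $token = $attempt([$field => $identifier, 'password' => $password]);
        if ($token) {
            return $token;
        }
    }
    return false;
}

// Constructed stand-in: a null/empty email with an empty password matches a
// user whose email is null, as described in the issue.
$fakeAttempt = function (array $credentials) {
    $users = [ // constructed sample data
        ['email' => null, 'user_name' => 'alice', 'password' => 'pw-alice'],
        ['email' => null, 'user_name' => 'bob', 'password' => 'pw-bob'],
    ];
    $password = $credentials['password'] ?? null;
    unset($credentials['password']);
    $field = array_key_first($credentials); // PHP 7.3+
    $value = $credentials[$field];
    $isEmpty = function ($v) { return $v === null || $v === ''; };
    foreach ($users as $user) {
        $reported = $isEmpty($value) && $isEmpty($password) && $user[$field] === null;
        if ($reported || ($user[$field] === $value && $user['password'] === $password)) {
            return 'token-for-' . $user['user_name'];
        }
    }
    return false;
};

var_dump($fakeAttempt(['email' => null, 'password' => null])); // unguarded call
var_dump(loginWithGuard(null, null, $fakeAttempt));            // guarded, empty input
var_dump(loginWithGuard('alice', 'pw-alice', $fakeAttempt));   // guarded, valid login
```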