feathersjs feathers-authentication

How can I get specific errors when trying to login using feathers.js


Whenever I try to log in with the correct user and correct password everything is fine, but whenever I try to log in with a non-existent user or a wrong password I just get the same error, which is:

    {
      "name": "NotAuthenticated",
      "message": "Invalid login",
      "code": 401,
      "className": "not-authenticated",
      "errors": {}
    }

The expected outcome is to show: user doesn't exist. Or, for example: given user and password don't match.

Here is what I'm doing in my code:

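    var username = "givenUsername"
    var password = "givenPassword"

    // Authenticate against the 'local' (username/password) strategy
    client.authenticate({
      strategy: 'local',
      username, password
    }).then((authResponse)=>{
      console.log(authResponse)
    }).catch((err)=>{
      // A failed login rejects with the NotAuthenticated error shown above
      console.error(err)
    })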

Solution

  • This is not done by default because it would allow an attacker to guess which email addresses or user names are registered on your system. You can always customize the local authentication strategy to throw the errors you would like, for example by overriding findEntity and comparePassword:

    const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication');
    const { LocalStrategy } = require('@feathersjs/authentication-local');
    const { NotAuthenticated } = require('@feathersjs/errors');
    
    class MyLocalStrategy extends LocalStrategy {
      async findEntity(username, params) {
        try {
          const entity = await super.findEntity(username, params);
          
          return entity;
        } catch (error) {
          // Throw the imported Feathers error so the client still gets a 401
          throw new NotAuthenticated('Entity not found');
        }
      }
    
      async comparePassword(entity, password) {
        try {
          const result = await super.comparePassword(entity, password);
          
          return result;
        } catch (error) {
          // Throw the imported Feathers error so the client still gets a 401
          throw new NotAuthenticated('Invalid password');
        }
      }
    }
    
    module.exports = app => {
      const authService = new AuthenticationService(app);
    
      authService.register('local', new MyLocalStrategy());
    
      // ...
      app.use('/authentication', authService);
    }
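
The enumeration concern raised in the answer can be met without losing the detail: record the specific failure reason server-side and return the same generic error to the client. The sketch below is an added example, not code from the original answer or from Feathers; `users`, `auditLog`, `authenticate`, `clientView` and the local `NotAuthenticated` class are hypothetical stand-ins, and the user record is constructed sample data.

```javascript
const crypto = require('crypto');

// Constructed sample data: one registered user with a salted scrypt hash.
const hash = (password, salt) => crypto.scryptSync(String(password), salt, 32);
const aliceSalt = crypto.randomBytes(16);
const users = new Map([
  ['alice', { salt: aliceSalt, hash: hash('correct horse', aliceSalt) }]
]);

// Dummy record: an unknown username still costs one hash computation, so
// response time does not separate "no such user" from "wrong password".
const dummySalt = crypto.randomBytes(16);
const dummy = { salt: dummySalt, hash: hash(crypto.randomBytes(16).toString('hex'), dummySalt) };

// Server-side only; in a real service this would be the application log.
const auditLog = [];

// Hypothetical stand-in for NotAuthenticated from @feathersjs/errors.
class NotAuthenticated extends Error {
  constructor(message) {
    super(message);
    this.name = 'NotAuthenticated';
    this.code = 401;
  }
}

function authenticate(username, password) {
  const entity = users.get(username);
  const record = entity || dummy;
  const matches = crypto.timingSafeEqual(hash(password, record.salt), record.hash);
  if (entity && matches) {
    auditLog.push({ username, outcome: 'success' });
    return { username };
  }
  // The specific reason is logged for operators, never returned to the caller.
  auditLog.push({ username, outcome: entity ? 'invalid-password' : 'unknown-user' });
  throw new NotAuthenticated('Invalid login');
}

// What a client would see for a given attempt.
function clientView(username, password) {
  try {
    return { ok: true, user: authenticate(username, password) };
  } catch (err) {
    return { ok: false, name: err.name, message: err.message, code: err.code };
  }
}
```

In a Feathers app the same split would live in the overridden `findEntity` and `comparePassword` methods: log the reason there and rethrow the generic error.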