@@ -368,6 +368,34 @@ describe('Parse.User testing', () => {
368368 . find ( { useMasterKey : true } ) ;
369369 expect ( sessions . length ) . toBe ( 0 ) ;
370370 } ) ;
371+
372+ it ( 'should not auto-signup when password is wrong for existing user' , async ( ) => {
373+ await reconfigureServer ( { autoSignupOnLogin : true } ) ;
374+
375+ // Create an existing user
376+ const existingUser = new Parse . User ( ) ;
377+ existingUser . setUsername ( 'existing-user' ) ;
378+ existingUser . setPassword ( 'correct-password' ) ;
379+ await existingUser . signUp ( ) ;
380+
381+ // Try to login with wrong password
382+ await expectAsync (
383+ Parse . User . logIn ( 'existing-user' , 'wrong-password' )
384+ ) . toBeRejectedWith (
385+ jasmine . objectContaining ( { code : Parse . Error . OBJECT_NOT_FOUND } )
386+ ) ;
387+
388+ // Ensure no new user was created
389+ const count = await new Parse . Query ( Parse . User )
390+ . equalTo ( 'username' , 'existing-user' )
391+ . count ( { useMasterKey : true } ) ;
392+ expect ( count ) . toBe ( 1 ) ;
393+
394+ // Ensure the existing user is still the only one
395+ const users = await new Parse . Query ( Parse . User )
396+ . find ( { useMasterKey : true } ) ;
397+ expect ( users . length ) . toBe ( 1 ) ;
398+ } ) ;
371399 } ) ;
372400
373401 it ( 'should respect ACL without locking user out' , done => {
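Review bot: The new test (new-side lines 372–398) asserts that the user count stays at one, but it never confirms that the existing account still accepts its original password after the failed attempt. Adding `await expectAsync(Parse.User.logIn('existing-user', 'correct-password')).toBeResolved();` after the rejected login would pin the property that matters for this fix: a wrong-password attempt with `autoSignupOnLogin` enabled neither replaces the stored credentials nor leaves the account unusable. The `count` query filtered on `username` is also subsumed by the unfiltered `find` that follows, so one of the two checks can be dropped. The enclosing `describe` block starts outside the hunk.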
@@ -151,7 +151,9 @@ export class UsersRouter extends ClassesRouter {
151151 . find ( '_User' , query , { } , Auth . maintenance ( req . config ) )
152152 . then ( results => {
153153 if ( ! results . length ) {
154- throw new Parse . Error ( Parse . Error . OBJECT_NOT_FOUND , 'Invalid username/password.' ) ;
154+ const error = new Parse . Error ( Parse . Error . OBJECT_NOT_FOUND , 'Invalid username/password.' ) ;
155+ error . userNotFound = true ;
156+ throw error ;
155157 }
156158
157159 if ( results . length > 1 ) {
@@ -326,7 +328,8 @@ export class UsersRouter extends ClassesRouter {
326328 if (
327329 req . config . autoSignupOnLogin &&
328330 error &&
329- error . code === Parse . Error . OBJECT_NOT_FOUND
331+ error . code === Parse . Error . OBJECT_NOT_FOUND &&
332+ error . userNotFound === true
330333 ) {
331334 autoSignupResult = await this . _autoSignupOnLogin ( req ) ;
332335 user = autoSignupResult . user ;
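Review bot: The `userNotFound` marker set at new-side line 155 travels on the thrown `Parse.Error`, and nothing visible in either hunk shows it being stripped before the error reaches the response or logging path. The message is deliberately the same 'Invalid username/password.' for an unknown user and for a wrong password, so a property that tells the two apart would become a username-enumeration signal if it were ever serialized, including when `autoSignupOnLogin` is off. I would document this at the throw site, e.g. `// internal marker consumed by the autoSignupOnLogin check only; must never be sent to the client`, and confirm that the error handler emits only `code` and the message. The strict `error.userNotFound === true` comparison in the second hunk is the right shape, since errors from other paths will not carry the property. Both enclosing functions start and end outside the hunks.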