Unexpected authorized access in security jwt with wrong username but correct password

[A-5ingh]

Describe the bug
After generating default Monolithic application using nhipster with frontend as either angular or react. We can login into application by using credentials without entering any username:

1. Username - (any string or blank), password - admin
2. Username - (any string or blank), password - user

To Reproduce
Steps to reproduce the behavior:

1. Generate monolithic application using any frontend, install dependencies and run the application.
2. Go to Account menu
3. Click on Sign In
4. Enter invalid username but correct password
5. User gets logged in

Expected behavior
User should not be able to login into the application with invalid username and correct password.

Screenshots

Desktop (please complete the following information):

• OS: Windows Server 2012 R2
• Browser: Chrome
• Version: 84.0.4147.135

Additional context
Same issue can be seen in swagger api, we can authenticate user by providing incorrect username and correct password.

[ghost]

Hi @A-5ingh , thanks for the interest!
Then you are saying that you can login with a incorrect username but correct password?
I will check it, thanks.

[ghost]

Thanks! I have found the bug and fixed that. You are welcome!

[A-5ingh]

Thanks! I have found the bug and fixed that. You are welcome!

Thank you for the quick fix. Yes, I was able to login with any string as username (even empty, that will be another client validation failure bug). Only the password had to be correct (means of any account like admin/user etc).

May I also know what exactly was wrong with the JWT code ? @amanganiello90 No worries, I found the commit.

[ghost]

Yeah @A-5ingh , it's very simple, the commit has the issue number as message, and this issue has a comment for that 👍