I found an issue in the UsernamePasswordAuthenticator. When I send a request with the following body;
{
"test": "johndoe@example.com",
"fault": "johndoe"
}It returns a valid token because of this line;
list($username, $password) = array_values($body + ['username' => null, 'password' => null]);
Is it possible to add some (configurable) validation on the JSON request?
I found an issue in the UsernamePasswordAuthenticator. When I send a request with the following body;
{ "test": "johndoe@example.com", "fault": "johndoe" }It returns a valid token because of this line;
Is it possible to add some (configurable) validation on the JSON request?