From d8ee9174de65da58a9042caf249f95cc7cd569f9 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 7 Jan 2026 03:18:29 +0000
Subject: [PATCH 1/2] Initial plan
From cb664e21cbd85877e1b5c0259f840570eb7486d2 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 7 Jan 2026 03:24:06 +0000
Subject: [PATCH 2/2] Fix: Return 401 instead of 500 for empty credentials (issue #40)
Co-authored-by: stanleykc <3931811+stanleykc@users.noreply.github.com>
---
 .../auth/UnityAuthenticationProvider.java | 8 +++++++-
 .../java/io/unityfoundation/UnityIamTest.java | 19 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/UnityAuth/src/main/java/io/unityfoundation/auth/UnityAuthenticationProvider.java b/UnityAuth/src/main/java/io/unityfoundation/auth/UnityAuthenticationProvider.java
index 0d97a79..f3d4344 100644
--- a/UnityAuth/src/main/java/io/unityfoundation/auth/UnityAuthenticationProvider.java
+++ b/UnityAuth/src/main/java/io/unityfoundation/auth/UnityAuthenticationProvider.java
@@ -59,7 +59,13 @@ private User findUser(AuthenticationRequest authRequest) {
 @Override
 public @NonNull Publisher authenticate(
 @NonNull AuthenticationRequest authenticationRequest) {
- return Mono.fromCallable(() -> findUser(authenticationRequest))
+ if (authenticationRequest.getIdentity() == null ||
+ authenticationRequest.getIdentity().toString().isEmpty() ||
+ authenticationRequest.getSecret() == null ||
+ authenticationRequest.getSecret().toString().isEmpty()) {
+ return Mono.just(AuthenticationResponse.failure(CREDENTIALS_DO_NOT_MATCH.toString()));
+ }
+ return Mono.fromCallable(() -> findUser(authenticationRequest))
 .subscribeOn(Schedulers.boundedElastic())
 .flatMap(user -> {
 AuthenticationFailed authenticationFailed = validate(user, authenticationRequest);
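Review bot: The new guard at the top of `authenticate` rejects only null and zero-length values, so a whitespace-only identity still goes on to `findUser`; if the 500 from issue #40 came from looking up an unusable identity, that input may still produce it. For the identity I would test `authenticationRequest.getIdentity().toString().isBlank()` and keep `isEmpty()` for the secret, since a password made of spaces can be legitimate. Reading each value once into a local (`Object identity = authenticationRequest.getIdentity();`) would also avoid calling every getter twice. Returning the same `CREDENTIALS_DO_NOT_MATCH` reason as a wrong password is the right choice, because the response then tells the client nothing about which check failed. The body of `authenticate` continues past the end of the hunk, so whether the later path logs or counts failed attempts, and whether this early return should do the same, cannot be checked from here.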
diff --git a/UnityAuth/src/test/java/io/unityfoundation/UnityIamTest.java b/UnityAuth/src/test/java/io/unityfoundation/UnityIamTest.java
index 8c37e9f..2b3837d 100644
--- a/UnityAuth/src/test/java/io/unityfoundation/UnityIamTest.java
+++ b/UnityAuth/src/test/java/io/unityfoundation/UnityIamTest.java
@@ -8,6 +8,7 @@
 import io.micronaut.http.HttpResponse;
 import io.micronaut.http.HttpStatus;
 import io.micronaut.http.client.HttpClient;
+import io.micronaut.http.client.exceptions.HttpClientResponseException;
 import io.micronaut.http.client.annotation.Client;
 import io.micronaut.security.authentication.UsernamePasswordCredentials;
 import io.micronaut.security.token.render.BearerAccessRefreshToken;
@@ -311,4 +312,22 @@ private String login(String username) {
 BearerAccessRefreshToken bearer = rsp.body();
 return bearer.getAccessToken();
 }
+
+ @Test
+ void login_failsWithEmptyPassword() {
+ UsernamePasswordCredentials creds = new UsernamePasswordCredentials("person1@test.io", "");
+ HttpRequest request = HttpRequest.POST("/api/login", creds);
+ HttpClientResponseException exception = assertThrows(HttpClientResponseException.class, () ->
+ client.toBlocking().exchange(request, BearerAccessRefreshToken.class));
+ assertEquals(HttpStatus.UNAUTHORIZED, exception.getStatus());
+ }
+
+ @Test
+ void login_failsWithEmptyUsername() {
+ UsernamePasswordCredentials creds = new UsernamePasswordCredentials("", "test");
+ HttpRequest request = HttpRequest.POST("/api/login", creds);
+ HttpClientResponseException exception = assertThrows(HttpClientResponseException.class, () ->
+ client.toBlocking().exchange(request, BearerAccessRefreshToken.class));
+ assertEquals(HttpStatus.UNAUTHORIZED, exception.getStatus());
+ }
 }
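Review bot: The two tests added in the second hunk cover only the empty-string branches of the guard; the `== null` branches added in `UnityAuthenticationProvider.authenticate` have no test here, and neither does a whitespace-only value. A further case that posts a body with the password field absent would pin that path, provided the login endpoint lets such a body reach the provider. The two methods differ only in the credentials they send, so a shared helper such as `private void assertLoginUnauthorized(String username, String password)` would reduce each case to a single call. It would also be worth asserting that the 401 for an empty password matches the 401 for a wrong password, which would lock in that the two failures look the same to a client.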