Copilot AI commented Jan 7, 2026

Empty username or password returns HTTP 500 instead of HTTP 401, leaking information about credential handling and enabling enumeration attacks.

Changes

  • UnityAuthenticationProvider.authenticate(): Added early validation for null/empty credentials before processing, returning CREDENTIALS_DO_NOT_MATCH failure consistent with other auth failures

```java
if (authenticationRequest.getIdentity() == null ||
    authenticationRequest.getIdentity().toString().isEmpty() ||
    authenticationRequest.getSecret() == null ||
    authenticationRequest.getSecret().toString().isEmpty()) {
    return Mono.just(AuthenticationResponse.failure(CREDENTIALS_DO_NOT_MATCH.toString()));
}
```

  • Tests: Added login_failsWithEmptyPassword() and login_failsWithEmptyUsername() to verify 401 response

Original prompt

Address issue #40



Copilot AI changed the title from "[WIP] Address issue number 40" to "Fix: Return 401 instead of 500 for empty credentials" Jan 7, 2026
Copilot AI requested a review from stanleykc January 7, 2026 03:27
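
A table-driven regression check for the behaviour described in the pull request above, as an added example that is not code from the pull request or the project. It goes beyond the two tests named there by also covering null, wrong-password and unknown-user input, and requires the same 401 for every one. The `login` function, the user store and the status mapping are hypothetical stand-ins.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; every name below is hypothetical, not the project's code.
public class UniformAuthFailureCheck {
    // Constructed user store for the example.
    static final Map<String, String> USERS = Map.of("alice", "s3cret-example");

    // Returns the HTTP status a client would see for one login attempt.
    static int login(Object identity, Object secret) {
        try {
            // Early validation, same shape as the check in the PR description.
            if (identity == null || identity.toString().isEmpty()
                    || secret == null || secret.toString().isEmpty()) {
                return 401;
            }
            String expected = USERS.get(identity.toString());
            // Unknown users are compared against an empty value so both paths do a comparison.
            byte[] want = (expected != null ? expected : "").getBytes(StandardCharsets.UTF_8);
            byte[] got = secret.toString().getBytes(StandardCharsets.UTF_8);
            boolean ok = MessageDigest.isEqual(want, got) && expected != null;
            return ok ? 200 : 401;
        } catch (RuntimeException e) {
            // Assumption for this example: an unhandled exception reaches the client as HTTP 500.
            return 500;
        }
    }

    public static void main(String[] args) {
        Map<String, Object[]> cases = new LinkedHashMap<>();
        cases.put("null username", new Object[] {null, "x"});
        cases.put("empty username", new Object[] {"", "x"});
        cases.put("null password", new Object[] {"alice", null});
        cases.put("empty password", new Object[] {"alice", ""});
        cases.put("wrong password", new Object[] {"alice", "wrong"});
        cases.put("unknown user", new Object[] {"mallory", "x"});
        for (Map.Entry<String, Object[]> c : cases.entrySet()) {
            int status = login(c.getValue()[0], c.getValue()[1]);
            if (status != 401) throw new AssertionError(c.getKey() + " returned " + status);
            System.out.println(c.getKey() + " -> " + status);
        }
        if (login("alice", "s3cret-example") != 200) throw new AssertionError("valid login rejected");
    }
}
```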