Merge pull request #184 from ParsePlatform/login_force_string

Reject login when invalid username or password type is provided

Author: peterdotjs

src/ParseUser.js

@@ -539,6 +539,21 @@ export default class ParseUser extends ParseObject {
    *     the login completes.
    */
   static logIn(username, password, options) {
+    if (typeof username !== 'string') {
+      return ParsePromise.error(
+        new ParseError(
+          ParseError.OTHER_CAUSE,
+          'Username must be a string.'
+        )
+      );
+    } else if (typeof password !== 'string') {
+      return ParsePromise.error(
+        new ParseError(
+          ParseError.OTHER_CAUSE,
+          'Password must be a string.'
+        )
+      );
+    }
     var user = new ParseUser();
     user._finishFetch({ username: username, password: password });
     return user.logIn(options);

src/__tests__/ParseUser-test.js

@@ -179,6 +179,22 @@ describe('ParseUser', () => {
     });
   }));
 
+  it('fail login when invalid username or password is used', asyncHelper((done) => {
+    ParseUser.enableUnsafeCurrentUser();
+    ParseUser._clearCache();
+    ParseUser.logIn({}, 'password').then(null, (err) => {
+      expect(err.code).toBe(ParseError.OTHER_CAUSE);
+      expect(err.message).toBe('Username must be a string.');
+      
+      return ParseUser.logIn('username', {});
+    }).then(null, (err) => {
+      expect(err.code).toBe(ParseError.OTHER_CAUSE);
+      expect(err.message).toBe('Password must be a string.');
+      
+      done();
+    });
+  }));
+
   it('preserves changes when logging in', asyncHelper((done) => {
     ParseUser.enableUnsafeCurrentUser();
     ParseUser._clearCache();