From 2b258fda885172c1e523b5232941bff0457cb6e0 Mon Sep 17 00:00:00 2001
From: jalbersdorfer <jalbersdorfer@me.com>
Date: Mon, 16 Sep 2019 17:24:31 +0200
Subject: [PATCH] fix: LocalStrategy authenticates without username (#1560)

#1559
---
 packages/authentication-local/src/strategy.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packages/authentication-local/src/strategy.ts b/packages/authentication-local/src/strategy.ts
index 28faf7c56b..4f182fd612 100644
--- a/packages/authentication-local/src/strategy.ts
+++ b/packages/authentication-local/src/strategy.ts
@@ -45,6 +45,10 @@ export class LocalStrategy extends AuthenticationBaseStrategy {
 
   async findEntity (username: string, params: Params) {
     const { entityUsernameField, service, errorMessage } = this.configuration;
+    if (!username) { // don't query for users without any condition set.
+      throw new NotAuthenticated(errorMessage);
+    }
+
     const query = await this.getEntityQuery({
       [entityUsernameField]: username
     }, params);