fix: throw error when uid or password is missing

src/mixins/with_auth_finder.ts

@@ -73,6 +73,13 @@ export function withAuthFinder(
         uid: string,
         password: string
       ) {
+        /**
+         * Fail when uid or the password are missing
+         */
+        if (!uid || !password) {
+          throw new E_INVALID_CREDENTIALS('Invalid user credentials')
+        }
+
         const user = await this.findForAuth(options.uids, uid)
         if (!user) {
           await hash.make(password)

tests/auth/mixins/with_auth_finder.spec.ts

@@ -291,4 +291,36 @@ test.group('withAuthFinder | verify', () => {
     assert.isBelow(Math.abs(invalidPasswordTime.seconds - invalidEmailTime.seconds), 1)
     assert.isBelow(Math.abs(invalidPasswordTime.milliseconds - invalidEmailTime.milliseconds), 10)
   })
+
+  test('throw error when uid or password values are missing', async ({ assert }) => {
+    const db = await createDatabase()
+    await createTables(db)
+
+    const hash = getHasher()
+
+    class User extends compose(
+      BaseModel,
+      withAuthFinder(hash, {
+        uids: ['email', 'username'],
+        passwordColumnName: 'password',
+      })
+    ) {
+      @column({ isPrimary: true })
+      declare id: number
+
+      @column()
+      declare username: string
+
+      @column()
+      declare email: string
+
+      @column()
+      declare password: string
+    }
+
+    await assert.rejects(
+      () => User.verifyCredentials('[email protected]', ''),
+      'Invalid user credentials'
+    )
+  })
 })