ironhack-edu/ironlauncher

Existing error messages allow for user enumeration

Closed this issue · 0 comments

Issue

When running npx ironlauncher@latest <project-name> --auth --json, the created templates are using two different error messages on the login route that may allow for user enumeration.

Details

  1. The following error message is returned as a response when the user is not found in the database:

    res.status(401).json({ message: "User not found." });

  2. The following error message is returned as a response when the user provides an incorrect password:

    res.status(401).json({ message: "Unable to authenticate the user" });


Solution

To address the possibility of user enumeration, rename the error messages to be generic and not reveal specific information about the error.

    res.status(401).json({ message: "Authentication failed." });
    res.status(401).json({ message: "Authentication failed." });

This will ensure that the error messages do not give away specific information about the cause of authentication failure and prevent user enumeration.