[Security] Exception on empty JSON login username/password too generic

### Symfony version(s) affected

7.3.1

### Description

With https://github.com/symfony/symfony/pull/46118 passing an empty username/password to the JSON login was deprecated and https://github.com/symfony/symfony/pull/50866 turned this deprecation into an exception.

However, the currently thrown `BadRequestHttpException` is too generic. Passing an empty username/password is not a bad HTTP request, the request payload is well-formed. That an empty username/password is rejected is a requirement of the security domain. Thus an exception more specific to the security domain should be thrown instead.

### How to reproduce

Try to pass an empty username or password to the JSON login.

### Possible Solution

When taking https://github.com/symfony/symfony/pull/58007 into account, the JSON login could throw the `BadCredentialsException` instead. Or switch back to not throwing an exception at all on empty username/password since the `UserBadge` will throw a `BadCredentialsException` anyways with Symfony 8.

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Security] Exception on empty JSON login username/password too generic #61100

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Security] Exception on empty JSON login username/password too generic #61100

Description

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions