fix(authn): quickly return when the password is absent in password-based authentication

apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl

@@ -173,6 +173,8 @@ update(Config, _State) ->
 
 authenticate(#{auth_method := _}, _) ->
     ignore;
+authenticate(#{password := undefined}, _) ->
+    {error, bad_username_or_password};
 authenticate(
     #{password := Password} = Credential,
     #{

apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl

@@ -160,6 +160,8 @@ destroy(#{resource_id := ResourceId}) ->
 
 authenticate(#{auth_method := _}, _) ->
     ignore;
+authenticate(#{password := undefined}, _) ->
+    {error, bad_username_or_password};
 authenticate(
     #{password := Password} = Credential,
     #{

apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl

@@ -110,6 +110,8 @@ destroy(#{resource_id := ResourceId}) ->
 
 authenticate(#{auth_method := _}, _) ->
     ignore;
+authenticate(#{password := undefined}, _) ->
+    {error, bad_username_or_password};
 authenticate(
     #{password := Password} = Credential,
     #{

apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl

@@ -113,6 +113,8 @@ destroy(#{resource_id := ResourceId}) ->
 
 authenticate(#{auth_method := _}, _) ->
     ignore;
+authenticate(#{password := undefined}, _) ->
+    {error, bad_username_or_password};
 authenticate(
     #{password := Password} = Credential,
     #{

apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl

@@ -148,6 +148,8 @@ destroy(#{resource_id := ResourceId}) ->
 
 authenticate(#{auth_method := _}, _) ->
     ignore;
+authenticate(#{password := undefined}, _) ->
+    {error, bad_username_or_password};
 authenticate(
     #{password := Password} = Credential,
     #{

apps/emqx_ldap/src/emqx_ldap_authn.erl

@@ -109,6 +109,8 @@ destroy(#{resource_id := ResourceId}) ->
 
 authenticate(#{auth_method := _}, _) ->
     ignore;
+authenticate(#{password := undefined}, _) ->
+    {error, bad_username_or_password};
 authenticate(
     #{password := Password} = Credential,
     #{