
Very Serious Bug!!! Failed OAuth but returns a user

Open amazement1 opened this issue 2 years ago • 0 comments

Bug report

Today I started implementing OAuth for Apple login and found a big bug!

To Reproduce

The code below will succeed and return the first user in my database to the requester!

```
export class AccountsAppleProvider {
    async authenticate(params) {
        return null;
    }
}
```

Steps to reproduce the behavior, please provide code snippets or a repository. You should add a null check before the database lookup:

```
    async findUserByServiceId(serviceName, serviceId) {
    //------ You should add some null check before database query ------
        const user = await this.collection.findOne({
            [`services.${serviceName}.id`]: serviceId,
        });
        if (user) {
            user.id = user._id.toString();
        }
        return user;
    }
```

amazement1 • Jun 15 '22 11:06
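The null check requested above, as an added example that is not part of the issue or of the project's code. It assumes the failed authentication ends in a lookup with an `undefined` or `null` `serviceId` (the issue does not show that path); `FakeCollection` and the sample users are constructed stand-ins that model MongoDB's rule that an equality filter on `null` also matches documents where the field is missing.

```javascript
// Added example. FakeCollection is a constructed stand-in for a MongoDB
// collection; it models one rule only: { field: null } matches documents
// where the field is null OR absent.
class FakeCollection {
  constructor(docs) { this.docs = docs; }
  async findOne(filter) {
    const get = (doc, path) =>
      path.split('.').reduce((v, k) => (v == null ? undefined : v[k]), doc);
    const hit = this.docs.find((doc) =>
      Object.entries(filter).every(([path, want]) => {
        const have = get(doc, path);
        // undefined is treated like null, as when it is serialized as null
        return want == null ? have == null : have === want;
      })
    );
    return hit || null;
  }
}

// The lookup from the issue, behaviour unchanged (no input check).
async function findUserByServiceIdUnsafe(collection, serviceName, serviceId) {
  const user = await collection.findOne({ [`services.${serviceName}.id`]: serviceId });
  if (user) user.id = user._id.toString();
  return user;
}

// Hardened: only a non-empty string may reach the query, so null,
// undefined and non-string values never become part of the filter.
async function findUserByServiceId(collection, serviceName, serviceId) {
  const valid = (v) => typeof v === 'string' && v.length > 0;
  if (!valid(serviceName) || !valid(serviceId)) return null;
  return findUserByServiceIdUnsafe(collection, serviceName, serviceId);
}

// Constructed sample data: the first user has never linked an Apple account.
function sampleCollection() {
  return new FakeCollection([
    { _id: 1, username: 'first-user', services: { password: {} } },
    { _id: 2, username: 'apple-user', services: { apple: { id: 'apple-123' } } },
  ]);
}
```

With the sample data, the unchecked lookup returns `first-user` for a missing id, while the hardened one returns `null` and still resolves `apple-123` to `apple-user`.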