User enumeration possible due to time difference

[6en6ar]

Describe the bug The /auth/login takes longer time to process correct usernames than incorrect ones leading to possible user enumeration. There is a ≈700ms difference between the username check and password check

Expected behavior The login should not take longer for correct usernames since it can be used to probe for valid accounts.

Screenshots / Live demo link