diff --git a/src/requests/login.cr b/src/requests/login.cr
index 3397d8d..3e84884 100644
--- a/src/requests/login.cr
+++ b/src/requests/login.cr
@@ -12,15 +12,15 @@ class AuthD::Request
 rescue e : DODB::MissingEntry
 # This lack of proper error message is intentional.
 # Let attackers try to authenticate themselves with a wrong login.
- return Response::Error.new "invalid credentials"
+ return Response::ErrorInvalidCredentials.new
 end
 # This line is basically just to please the Crystal's type system.
 # No user means DODB::MissingEntry, so it's already covered.
- return Response::Error.new "invalid credentials" if user.nil?
+ return Response::ErrorInvalidCredentials.new if user.nil?
 if user.password_hash != authd.hash_password @password
- return Response::Error.new "invalid credentials"
+ return Response::ErrorInvalidCredentials.new
 end
 user.date_last_connection = Time.local
diff --git a/src/responses/errors.cr b/src/responses/errors.cr
index 7a735eb..bc7cdfc 100644
--- a/src/responses/errors.cr
+++ b/src/responses/errors.cr
@@ -59,4 +59,10 @@ class AuthD::Response
 end
 end
 AuthD.responses << ErrorInvalidEmailFormat
+
+ IPC::JSON.message ErrorInvalidCredentials, 29 do
+ def initialize()
+ end
+ end
+ AuthD.responses << ErrorInvalidCredentials
 end
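Review bot: The three failure paths now return the same `ErrorInvalidCredentials`, but they still do different amounts of work: the `rescue e : DODB::MissingEntry` branch returns before `authd.hash_password @password` is ever computed, so an unknown login can probably be told apart from a wrong password by response time, which undercuts the intent stated in the comment. Calling `authd.hash_password @password` (result discarded) before the return in the rescue branch would even this out. The comparison `user.password_hash != authd.hash_password @password` is also not constant-time; assuming both sides are strings, `unless Crypto::Subtle.constant_time_compare(user.password_hash, authd.hash_password @password)` is the usual replacement and needs `require "crypto/subtle"`. The enclosing method starts and ends outside the hunk, so the lookup that raises `DODB::MissingEntry` is not visible here.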
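Review bot: `ErrorInvalidCredentials` is declared without a comment saying why it carries no fields, and that emptiness is the security property: a reason or login in the payload would let a client distinguish an unknown login from a wrong password. I would add `# Deliberately field-less: unknown login and wrong password must look identical to the client.` above the `IPC::JSON.message` line. The type number `29` is hard-coded and the other registrations are outside the hunk, so its uniqueness should be confirmed. As a style point, `def initialize()` would conventionally be written `def initialize` in Crystal.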