From 71cbb1d51975893ce523e33c37496213349d9646 Mon Sep 17 00:00:00 2001
From: Philippe Pittoli <karchnu@karchnu.fr>
Date: Wed, 14 Jun 2023 01:51:55 +0200
Subject: [PATCH] Invalid credentials error message.

---
 src/requests/login.cr   | 6 +++---
 src/responses/errors.cr | 6 ++++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/requests/login.cr b/src/requests/login.cr
index 3397d8d..3e84884 100644
--- a/src/requests/login.cr
+++ b/src/requests/login.cr
@@ -12,15 +12,15 @@ class AuthD::Request
 			rescue e : DODB::MissingEntry
 				# This lack of proper error message is intentional.
 				# Let attackers try to authenticate themselves with a wrong login.
-				return Response::Error.new "invalid credentials"
+				return Response::ErrorInvalidCredentials.new
 			end
 
 			# This line is basically just to please the Crystal's type system.
 			# No user means DODB::MissingEntry, so it's already covered.
-			return Response::Error.new "invalid credentials" if user.nil?
+			return Response::ErrorInvalidCredentials.new if user.nil?
 
 			if user.password_hash != authd.hash_password @password
-				return Response::Error.new "invalid credentials"
+				return Response::ErrorInvalidCredentials.new
 			end
 
 			user.date_last_connection = Time.local
diff --git a/src/responses/errors.cr b/src/responses/errors.cr
index 7a735eb..bc7cdfc 100644
--- a/src/responses/errors.cr
+++ b/src/responses/errors.cr
@@ -59,4 +59,10 @@ class AuthD::Response
 		end
 	end
 	AuthD.responses << ErrorInvalidEmailFormat
+
+	IPC::JSON.message ErrorInvalidCredentials, 29 do
+		def initialize()
+		end
+	end
+	AuthD.responses << ErrorInvalidCredentials
 end