From 71cbb1d51975893ce523e33c37496213349d9646 Mon Sep 17 00:00:00 2001
From: Philippe Pittoli
Date: Wed, 14 Jun 2023 01:51:55 +0200
Subject: [PATCH] Invalid credentials error message.
---
 src/requests/login.cr | 6 +++---
 src/responses/errors.cr | 6 ++++++
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/requests/login.cr b/src/requests/login.cr
index 3397d8d..3e84884 100644
--- a/src/requests/login.cr
+++ b/src/requests/login.cr
@@ -12,15 +12,15 @@ class AuthD::Request
 rescue e : DODB::MissingEntry
 # This lack of proper error message is intentional.
 # Let attackers try to authenticate themselves with a wrong login.
- return Response::Error.new "invalid credentials"
+ return Response::ErrorInvalidCredentials.new
 end
 # This line is basically just to please the Crystal's type system.
 # No user means DODB::MissingEntry, so it's already covered.
- return Response::Error.new "invalid credentials" if user.nil?
+ return Response::ErrorInvalidCredentials.new if user.nil?
 if user.password_hash != authd.hash_password @password
- return Response::Error.new "invalid credentials"
+ return Response::ErrorInvalidCredentials.new
 end
 user.date_last_connection = Time.local
diff --git a/src/responses/errors.cr b/src/responses/errors.cr
index 7a735eb..bc7cdfc 100644
--- a/src/responses/errors.cr
+++ b/src/responses/errors.cr
@@ -59,4 +59,10 @@ class AuthD::Response
 end
 end
 AuthD.responses << ErrorInvalidEmailFormat
+
+ IPC::JSON.message ErrorInvalidCredentials, 29 do
+ def initialize()
+ end
+ end
+ AuthD.responses << ErrorInvalidCredentials
 end
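Review bot: The three failure paths in src/requests/login.cr now return the same `ErrorInvalidCredentials`, but they still do different amounts of work, so response time can reveal what the message hides. The `rescue e : DODB::MissingEntry` branch returns before `authd.hash_password @password` is ever called, while the wrong-password branch pays for the hash; if `hash_password` is at all expensive (not visible here), an unknown login answers measurably faster. I would compute the hash in the rescue branch as well and discard it, and replace the `!=` with a constant-time comparison such as `Crypto::Subtle.constant_time_compare(user.password_hash, authd.hash_password(@password))`, negated, with `require "crypto/subtle"`. The enclosing method starts and ends outside this hunk, so any rate limiting or failed-attempt logging elsewhere in it is not visible from here.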
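Review bot: The new `ErrorInvalidCredentials` message in src/responses/errors.cr has no comment saying that its lack of a payload is deliberate, and a later maintainer could easily add a `reason` field that undoes the uniform response from login.cr. I would put `# Deliberately carries no reason: unknown login and wrong password must look identical to the client.` above the `IPC::JSON.message` line. The type number `29` is presumably the next free id after `ErrorInvalidEmailFormat`; the earlier ids are outside this hunk, so it is worth confirming it is unique. As a style point, Crystal convention drops the empty parentheses: `def initialize`.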