Invalid credentials error message.

This commit is contained in:
Philippe Pittoli 2023-06-14 01:51:55 +02:00
parent 7dfbeacd68
commit 71cbb1d519
2 changed files with 9 additions and 3 deletions

View File

@ -12,15 +12,15 @@ class AuthD::Request
rescue e : DODB::MissingEntry
# This lack of proper error message is intentional.
# Let attackers try to authenticate themselves with a wrong login.
return Response::Error.new "invalid credentials"
return Response::ErrorInvalidCredentials.new
end
# This line is basically just to please the Crystal's type system.
# No user means DODB::MissingEntry, so it's already covered.
return Response::Error.new "invalid credentials" if user.nil?
return Response::ErrorInvalidCredentials.new if user.nil?
if user.password_hash != authd.hash_password @password
return Response::Error.new "invalid credentials"
return Response::ErrorInvalidCredentials.new
end
user.date_last_connection = Time.local

View File

@ -59,4 +59,10 @@ class AuthD::Response
end
end
AuthD.responses << ErrorInvalidEmailFormat
IPC::JSON.message ErrorInvalidCredentials, 29 do
def initialize()
end
end
AuthD.responses << ErrorInvalidCredentials
end