mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-04-04 14:43:32 -04:00
Code Issues Packages Projects Releases Wiki Activity

HTTP 403 for invalid login

Browse Source 
https://github.com/FreshRSS/FreshRSS/issues/1015
And does not leak if user exists or not
This commit is contained in:
Alexandre Alapetite
2015-10-25 13:24:48 +01:00
parent eb912cc7a8
commit 7bb28c3f2b
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/Controllers/authController.php
View File

@@ -123,8 +123,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
$conf = get_user_configuration($username);
if (is_null($conf)) {
Minz_Request::bad(_t('feedback.auth.login.invalid'),
array('c' => 'auth', 'a' => 'login'));
Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
}
$ok = FreshRSS_FormAuth::checkCredentials(
@@ -151,8 +150,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
' user=' . $username .
', nonce=' . $nonce .
', c=' . $challenge);
Minz_Request::bad(_t('feedback.auth.login.invalid'),
array('c' => 'auth', 'a' => 'login'));
Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
}
} elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
$username = Minz_Request::param('u', '');
@@ -184,8 +182,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
array('c' => 'index', 'a' => 'index'));
} else {
Minz_Log::warning('Unsafe password mismatch for user ' . $username);
Minz_Request::bad(_t('feedback.auth.login.invalid'),
array('c' => 'auth', 'a' => 'login'));
Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
}
}
}