Merge branch 'login403' into dev

2026-04-21 06:47:20 -04:00 · 2015-10-25 13:28:14 +01:00
parent e21187df20 7bb28c3f2b
commit 8ba8728bd7
2 changed files with 9 additions and 8 deletions
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -123,8 +123,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {

 			$conf = get_user_configuration($username);
 			if (is_null($conf)) {
-				Minz_Request::bad(_t('feedback.auth.login.invalid'),
-				                  array('c' => 'auth', 'a' => 'login'));
+				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
 			}

 			$ok = FreshRSS_FormAuth::checkCredentials(
@@ -151,8 +150,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 				                  ' user=' . $username .
 				                  ', nonce=' . $nonce .
 				                  ', c=' . $challenge);
-				Minz_Request::bad(_t('feedback.auth.login.invalid'),
-				                  array('c' => 'auth', 'a' => 'login'));
+				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
 			}
 		} elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
 			$username = Minz_Request::param('u', '');
@@ -184,8 +182,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 				                   array('c' => 'index', 'a' => 'index'));
 			} else {
 				Minz_Log::warning('Unsafe password mismatch for user ' . $username);
-				Minz_Request::bad(_t('feedback.auth.login.invalid'),
-				                  array('c' => 'auth', 'a' => 'login'));
+				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
 			}
 		}
 	}
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -43,7 +43,11 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 		} else {
 			Minz_Log::notice('Nonce failure due to invalid username!');
 		}
-		$this->view->nonce = '';	//Failure
-		$this->view->salt1 = '';
+		//Failure: Return random data.
+		$this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST);
+		for ($i = 22; $i > 0; $i--) {
+			$this->view->salt1 .= './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'[rand(0, 63)];
+		}
+		$this->view->nonce = sha1(rand());
 	}
 }