mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-01-06 04:17:51 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1016 from Alkarex/login403

Browse Source 
HTTP 403 for invalid login
This commit is contained in:
Marien Fressinaud
2015-10-27 20:31:57 +01:00
parent b8b0ba6f24 c992b683a8
commit d677495ca3
2 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/Controllers/authController.php
View File

@@ -123,8 +123,8 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
$conf = get_user_configuration($username);
if (is_null($conf)) {
Minz_Request::bad(_t('feedback.auth.login.invalid'),
array('c' => 'auth', 'a' => 'login'));
Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
return;
}
$ok = FreshRSS_FormAuth::checkCredentials(
@@ -151,8 +151,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
' user=' . $username .
', nonce=' . $nonce .
', c=' . $challenge);
Minz_Request::bad(_t('feedback.auth.login.invalid'),
array('c' => 'auth', 'a' => 'login'));
Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
}
} elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
$username = Minz_Request::param('u', '');
@@ -184,8 +183,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
array('c' => 'index', 'a' => 'index'));
} else {
Minz_Log::warning('Unsafe password mismatch for user ' . $username);
Minz_Request::bad(_t('feedback.auth.login.invalid'),
array('c' => 'auth', 'a' => 'login'));
Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
}
}
}

9
app/Controllers/javascriptController.php
View File

@@ -43,7 +43,12 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
} else {
Minz_Log::notice('Nonce failure due to invalid username!');
}
$this->view->nonce = ''; //Failure
$this->view->salt1 = '';
//Failure: Return random data.
$this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST);
$alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
for ($i = 22; $i > 0; $i--) {
$this->view->salt1 .= $alphabet[rand(0, 63)];
}
$this->view->nonce = sha1(rand());
}
}