sudoxreboot/habitica
1
0
Fork 0
mirror of https://github.com/sudoxnym/habitica.git synced 2026-05-24 22:55:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Made incorrect username and password show the same error, for security purposes.

Browse source
This commit is contained in:
Lorian 2014-02-07 21:08:13 -08:00
parent 25941623b1
commit 8d03cfc6b5
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/controllers/auth.js
View file

@ -108,14 +108,14 @@ api.loginLocal = function(req, res, next) {
if (!(username && password)) return res.json(401, {err:'Missing :username or :password in request body, please provide both'}); if (!(username && password)) return res.json(401, {err:'Missing :username or :password in request body, please provide both'});
User.findOne({'auth.local.username': username}, function(err, user){ User.findOne({'auth.local.username': username}, function(err, user){
if (err) return next(err); if (err) return next(err);
if (!user) return res.json(401, {err:"Username '" + username + "' not found. Usernames are case-sensitive, click 'Forgot Password' if you can't remember the capitalization."}); if (!user) return res.json(401, {err:"Username or password incorrect. Click 'Forgot Password' for help with either. (Note: usernames are case-sensitive)"});
// We needed the whole user object first so we can get his salt to encrypt password comparison // We needed the whole user object first so we can get his salt to encrypt password comparison
User.findOne({ User.findOne({
'auth.local.username': username, 'auth.local.username': username,
'auth.local.hashed_password': utils.encryptPassword(password, user.auth.local.salt) 'auth.local.hashed_password': utils.encryptPassword(password, user.auth.local.salt)
}, function(err, user){ }, function(err, user){
if (err) return next(err); if (err) return next(err);
if (!user) return res.json(401,{err:'Incorrect password'}); if (!user) return res.json(401,{err:"Username or password incorrect. Click 'Forgot Password' for help with either. (Note: usernames are case-sensitive)"});
res.json({id: user._id,token: user.apiToken}); res.json({id: user._id,token: user.apiToken});
}); });
}); });