authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2015-10-25 13:24:48 +0100
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2015-10-25 13:24:48 +0100
commit7bb28c3f2b77b109451e2514e83fa99789fee35e (patch)
tree0db3eec55c63515032ac165e0edcb00d1f81f1c5 /app/Controllers/authController.php
parenteb912cc7a8599682a14f3bc779c494491a6da56b (diff)
HTTP 403 for invalid login
https://github.com/FreshRSS/FreshRSS/issues/1015 And does not leak if user exists or not
Diffstat (limited to 'app/Controllers/authController.php')
-rw-r--r--app/Controllers/authController.php9
1 files changed, 3 insertions, 6 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index aff184263..bccce5a59 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -123,8 +123,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
$conf = get_user_configuration($username);
if (is_null($conf)) {
- Minz_Request::bad(_t('feedback.auth.login.invalid'),
- array('c' => 'auth', 'a' => 'login'));
+ Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
}
$ok = FreshRSS_FormAuth::checkCredentials(
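Review bot: Nothing after the new `Minz_Error::error(403, ...)` call in the `is_null($conf)` branch stops the action, and the next visible statement is `FreshRSS_FormAuth::checkCredentials(`. Minz_Error::error is not shown on this page; if it returns when its third argument is `false` rather than ending the request, the credential check would run with a null `$conf`. Adding `return;` directly after the call makes the rejection explicit whichever way the helper behaves. The same call in the other two hunks sits at the end of its branch, so it is less exposed there. The method body starts and ends outside this hunk.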
@@ -151,8 +150,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
' user=' . $username .
', nonce=' . $nonce .
', c=' . $challenge);
- Minz_Request::bad(_t('feedback.auth.login.invalid'),
- array('c' => 'auth', 'a' => 'login'));
+ Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
}
} elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
$username = Minz_Request::param('u', '');
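Review bot: The failed-password path in this hunk now returns the same 403 and message as the unknown-user path in the first hunk, but the two may still differ in response time: the unknown-user branch answers before `FreshRSS_FormAuth::checkCredentials(` is reached, while this branch appears to run after it. If that check performs a costly hash comparison, the timing could still separate existing from non-existing accounts, which the commit message says should not leak. Consider running the same check against a fixed dummy hash when `$conf` is null, or at least recording the limit next to the call, e.g. `// NOTE: same status and message as the unknown-user path; response time may still differ`. The surrounding `if` starts outside the hunk.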
@@ -184,8 +182,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
array('c' => 'index', 'a' => 'index'));
} else {
Minz_Log::warning('Unsafe password mismatch for user ' . $username);
- Minz_Request::bad(_t('feedback.auth.login.invalid'),
- array('c' => 'auth', 'a' => 'login'));
+ Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
}
}
}
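Review bot: `Minz_Log::warning('Unsafe password mismatch for user ' . $username)` writes a value into the log that appears to come straight from the request (`Minz_Request::param('u', '')` at the end of the previous hunk), and the commit leaves it unchanged. Unless Minz_Log neutralises control characters itself, which is not visible here, a line break in the parameter could split one warning into what looks like several entries; the warning in the second hunk concatenates `$username`, `$nonce` and `$challenge` the same way. A small guard before logging, such as `$logUser = preg_replace('/[\x00-\x1F\x7F]/', '', $username);`, keeps these entries reliable for anyone reviewing failed logins. The enclosing branch starts outside the hunk.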