Fixed #10450: Different errormessages on login failure
This commit is contained in:
Arjan Widlak
parent
20a333cde8
commit
aab891a5b6
5 changed files with 21 additions and 8 deletions
|
|
@ -1,4 +1,6 @@
|
|||
7.7.9
|
||||
- fixed #10450: A different errormessage is given if the username does exist and
|
||||
does not exist. (Arjan Widlak / United Knowledge)
|
||||
- fixed: Reverted bugfix for 10409 and changed the hover help to reflect the correct way to build list-type form controls in the MetaData.
|
||||
- fixed: Template parser cannot be set
|
||||
- fixed #10361: Shortcuts duplicate extra header tags
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ sub authenticate {
|
|||
my $uid = $user->{userId};
|
||||
#If userId does not exist or is not active, fail login
|
||||
if (!$uid) {
|
||||
$self->error($i18n->get(68));
|
||||
$self->authenticationError;
|
||||
return 0;
|
||||
} elsif($user->{status} ne 'Active') {
|
||||
$self->error($i18n->get(820));
|
||||
|
|
@ -147,6 +147,22 @@ sub authenticate {
|
|||
return 1;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
=head2 authenticationError
|
||||
|
||||
This subroutine is called by authenticate and its subclasses to make
|
||||
sure these subroutines return the same errormessage on login failure.
|
||||
Different errormessages would reveil if a username exists after
|
||||
which only the password has to be guessed by brute force for example.
|
||||
|
||||
=cut
|
||||
|
||||
sub authenticationError {
|
||||
my $self = shift;
|
||||
my $i18n = WebGUI::International->new($self->session);
|
||||
return ($self->error('<li>'.$i18n->get(68).'</li>'));
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 authMethod ( [authMethod] )
|
||||
|
|
|
|||
|
|
@ -180,7 +180,7 @@ sub authenticate {
|
|||
|
||||
# Authentication failed
|
||||
if ($auth->code == 48 || $auth->code == 49){
|
||||
$error .= '<li>'.$i18n->get(68).'</li>';
|
||||
$self->SUPER::authenticationError;
|
||||
}
|
||||
elsif ($auth->code > 0) { # Some other LDAP error happened
|
||||
$error .= '<li>LDAP error "'.$self->ldapStatusCode($auth->code).'" occured.'.$i18n->get(69).'</li>';
|
||||
|
|
|
|||
|
|
@ -126,7 +126,7 @@ sub authenticate {
|
|||
}
|
||||
$self->user(WebGUI::User->new($self->session,1));
|
||||
my $i18n = WebGUI::International->new($self->session);
|
||||
$self->error('<li>'.$i18n->get(68).'</li>');
|
||||
$self->SUPER::authenticationError;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -469,11 +469,6 @@ our $I18N = {
|
|||
lastUpdated => 1078854953
|
||||
},
|
||||
|
||||
'LDAPLink_104' => {
|
||||
message => q|The account information you supplied is invalid. Either the account does not exist or the username/password combination was incorrect.|,
|
||||
lastUpdated => 1078854953
|
||||
},
|
||||
|
||||
'LDAPLink_105' => {
|
||||
message => q|Invalid LDAP connection URL. Contact your administrator.|,
|
||||
lastUpdated => 1078854953
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue