From aab891a5b658f3c5bb57dc6040a816308020e5bc Mon Sep 17 00:00:00 2001
From: Arjan Widlak
Date: Sun, 31 May 2009 20:39:12 +0000
Subject: [PATCH] Fixed #10450: Different errormessages on login failure
---
 docs/changelog/7.x.x.txt | 2 ++
 lib/WebGUI/Auth.pm | 18 +++++++++++++++++-
 lib/WebGUI/Auth/LDAP.pm | 2 +-
 lib/WebGUI/Auth/WebGUI.pm | 2 +-
 lib/WebGUI/i18n/English/AuthLDAP.pm | 5 -----
 5 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index d8d35b573..7cdbdf506 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -1,4 +1,6 @@
 7.7.9
+ - fixed #10450: A different errormessage is given if the username does exist and
+ does not exist. (Arjan Widlak / United Knowledge)
 - fixed: Reverted bugfix for 10409 and changed the hover help to reflect the correct way to build list-type form controls in the MetaData.
 - fixed: Template parser cannot be set
 - fixed #10361: Shortcuts duplicate extra header tags
diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm
index 1649cb294..0ee7a2c34 100644
--- a/lib/WebGUI/Auth.pm
+++ b/lib/WebGUI/Auth.pm
@@ -134,7 +134,7 @@ sub authenticate {
 my $uid = $user->{userId};
 #If userId does not exist or is not active, fail login
 if (!$uid) {
- $self->error($i18n->get(68));
+ $self->authenticationError;
 return 0;
 } elsif($user->{status} ne 'Active') {
 $self->error($i18n->get(820));
@@ -147,6 +147,22 @@ sub authenticate {
 return 1;
 }
+#-------------------------------------------------------------------
+=head2 authenticationError
+
+This subroutine is called by authenticate and its subclasses to make
+sure these subroutines return the same errormessage on login failure.
+Different errormessages would reveil if a username exists after
+which only the password has to be guessed by brute force for example.
+
+=cut
+
+sub authenticationError {
+ my $self = shift;
+ my $i18n = WebGUI::International->new($self->session);
+ return ($self->error('
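Review bot: In the first lib/WebGUI/Auth.pm hunk, the `elsif($user->{status} ne 'Active')` branch still sets its own message with `$self->error($i18n->get(820));`, so a login attempt against an existing but non-active account is answered differently from one against an unknown username. If this check runs before the password is verified (the rest of `authenticate` lies outside the hunk, so that is not visible here), the username-existence signal this commit sets out to remove is still available for such accounts. Consider calling `$self->authenticationError;` in that branch as well, or returning the status-specific text only after the credentials have been verified.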
  • '.$i18n->get(68).'
  • '));
+}
+
 #-------------------------------------------------------------------
 =head2 authMethod ( [authMethod] )
diff --git a/lib/WebGUI/Auth/LDAP.pm b/lib/WebGUI/Auth/LDAP.pm
index 9143893ed..0c62455d0 100644
--- a/lib/WebGUI/Auth/LDAP.pm
+++ b/lib/WebGUI/Auth/LDAP.pm
@@ -180,7 +180,7 @@ sub authenticate {
 # Authentication failed
 if ($auth->code == 48 || $auth->code == 49){
- $error .= '
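Review bot: The POD added for `authenticationError` in lib/WebGUI/Auth.pm explains why the method exists but not its contract, and it misspells "reveal" as "reveil". The heading could follow the `=head2 authMethod ( [authMethod] )` form visible just below it, i.e. `=head2 authenticationError ( )`. The text could also say what the method does, for example: `Sets the generic login-failure message (i18n key 68) via error() and returns that call's result, so that an unknown username and a wrong password are reported identically.`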
  • '.$i18n->get(68).'
  • '; + $self->SUPER::authenticationError; } elsif ($auth->code > 0) { # Some other LDAP error happened $error .= '
  • LDAP error "'.$self->ldapStatusCode($auth->code).'" occured.'.$i18n->get(69).'
  • ';
diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm
index 13e2935f3..fe8ceaf05 100644
--- a/lib/WebGUI/Auth/WebGUI.pm
+++ b/lib/WebGUI/Auth/WebGUI.pm
@@ -126,7 +126,7 @@ sub authenticate {
 }
 $self->user(WebGUI::User->new($self->session,1));
 my $i18n = WebGUI::International->new($self->session);
- $self->error('
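Review bot: In lib/WebGUI/Auth/LDAP.pm the branch for result codes 48 and 49 no longer appends anything to `$error`, while the `elsif` branch next to it still does. The remainder of `authenticate` is outside the hunk; if it later calls `$self->error($error)` or derives its return value from whether `$error` is empty, a rejected bind would lose its message or, worse, no longer be treated as a failure. Keeping the accumulator populated in this branch, or ending it with an explicit failure return after any cleanup the method needs, would make the failure path independent of that later code. Separately, `$self->SUPER::authenticationError;` here and in lib/WebGUI/Auth/WebGUI.pm skips any override in the current class; `$self->authenticationError;`, as used in Auth.pm, is the usual form.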
  • '.$i18n->get(68).'
  • ');
+ $self->SUPER::authenticationError;
 return 0;
 }
diff --git a/lib/WebGUI/i18n/English/AuthLDAP.pm b/lib/WebGUI/i18n/English/AuthLDAP.pm
index 6bc06cde4..7b32d5af4 100644
--- a/lib/WebGUI/i18n/English/AuthLDAP.pm
+++ b/lib/WebGUI/i18n/English/AuthLDAP.pm
@@ -469,11 +469,6 @@ our $I18N = {
 lastUpdated => 1078854953
 },
- 'LDAPLink_104' => {
- message => q|The account information you supplied is invalid. Either the account does not exist or the username/password combination was incorrect.|,
- lastUpdated => 1078854953
- },
-
 'LDAPLink_105' => {
 message => q|Invalid LDAP connection URL. Contact your administrator.|,
 lastUpdated => 1078854953
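Review bot: In lib/WebGUI/Auth/WebGUI.pm the context line `my $i18n = WebGUI::International->new($self->session);` directly before the new call appears to be left without a use. The only statement that read `$i18n` on this path was the removed `$self->error(...)`, and the branch then returns 0 and closes. The line can be dropped, because `authenticationError` builds its own `WebGUI::International` object. The start of this branch is outside the hunk, so this should be confirmed against the full method.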