oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed #10450: Different errormessages on login failure

Browse source
This commit is contained in:
Arjan Widlak 2009-05-31 20:39:12 +00:00
parent 20a333cde8
commit aab891a5b6
5 changed files with 21 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

18
lib/WebGUI/Auth.pm
View file

@ -134,7 +134,7 @@ sub authenticate {
my $uid = $user->{userId};
#If userId does not exist or is not active, fail login
if (!$uid) {
$self->error($i18n->get(68));
$self->authenticationError;
return 0;
} elsif($user->{status} ne 'Active') {
$self->error($i18n->get(820));
@ -147,6 +147,22 @@ sub authenticate {
return 1;
}
#-------------------------------------------------------------------
=head2 authenticationError
This subroutine is called by authenticate and its subclasses to make
sure these subroutines return the same errormessage on login failure.
Different errormessages would reveil if a username exists after
which only the password has to be guessed by brute force for example.
=cut
sub authenticationError {
my $self = shift;
my $i18n = WebGUI::International->new($self->session);
return ($self->error('<li>'.$i18n->get(68).'</li>'));
}
#-------------------------------------------------------------------
=head2 authMethod ( [authMethod] )