oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed #10450: Different errormessages on login failure

Browse source
This commit is contained in:
Arjan Widlak 2009-05-31 20:39:12 +00:00
parent 20a333cde8
commit aab891a5b6
5 changed files with 21 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/changelog/7.x.x.txt
View file

@ -1,4 +1,6 @@
7.7.9 7.7.9
- fixed #10450: A different errormessage is given if the username does exist and
does not exist. (Arjan Widlak / United Knowledge)
- fixed: Reverted bugfix for 10409 and changed the hover help to reflect the correct way to build list-type form controls in the MetaData. - fixed: Reverted bugfix for 10409 and changed the hover help to reflect the correct way to build list-type form controls in the MetaData.
- fixed: Template parser cannot be set - fixed: Template parser cannot be set
- fixed #10361: Shortcuts duplicate extra header tags - fixed #10361: Shortcuts duplicate extra header tags

18
lib/WebGUI/Auth.pm
View file

@ -134,7 +134,7 @@ sub authenticate {
my $uid = $user->{userId}; my $uid = $user->{userId};
#If userId does not exist or is not active, fail login #If userId does not exist or is not active, fail login
if (!$uid) { if (!$uid) {
$self->error($i18n->get(68)); $self->authenticationError;
return 0; return 0;
} elsif($user->{status} ne 'Active') { } elsif($user->{status} ne 'Active') {
$self->error($i18n->get(820)); $self->error($i18n->get(820));
@ -147,6 +147,22 @@ sub authenticate {
return 1; return 1;
} }
#-------------------------------------------------------------------
=head2 authenticationError
This subroutine is called by authenticate and its subclasses to make
sure these subroutines return the same errormessage on login failure.
Different errormessages would reveil if a username exists after
which only the password has to be guessed by brute force for example.
=cut
sub authenticationError {
my $self = shift;
my $i18n = WebGUI::International->new($self->session);
return ($self->error('<li>'.$i18n->get(68).'</li>'));
}
#------------------------------------------------------------------- #-------------------------------------------------------------------
=head2 authMethod ( [authMethod] ) =head2 authMethod ( [authMethod] )

2
lib/WebGUI/Auth/LDAP.pm
View file

@ -180,7 +180,7 @@ sub authenticate {
# Authentication failed # Authentication failed
if ($auth->code == 48 || $auth->code == 49){ if ($auth->code == 48 || $auth->code == 49){
$error .= '<li>'.$i18n->get(68).'</li>'; $self->SUPER::authenticationError;
} }
elsif ($auth->code > 0) { # Some other LDAP error happened elsif ($auth->code > 0) { # Some other LDAP error happened
$error .= '<li>LDAP error "'.$self->ldapStatusCode($auth->code).'" occured.'.$i18n->get(69).'</li>'; $error .= '<li>LDAP error "'.$self->ldapStatusCode($auth->code).'" occured.'.$i18n->get(69).'</li>';

2
lib/WebGUI/Auth/WebGUI.pm
View file

@ -126,7 +126,7 @@ sub authenticate {
} }
$self->user(WebGUI::User->new($self->session,1)); $self->user(WebGUI::User->new($self->session,1));
my $i18n = WebGUI::International->new($self->session); my $i18n = WebGUI::International->new($self->session);
$self->error('<li>'.$i18n->get(68).'</li>'); $self->SUPER::authenticationError;
return 0; return 0;
} }

5
lib/WebGUI/i18n/English/AuthLDAP.pm
View file

@ -469,11 +469,6 @@ our $I18N = {
lastUpdated => 1078854953 lastUpdated => 1078854953
}, },
'LDAPLink_104' => {
message => q|The account information you supplied is invalid. Either the account does not exist or the username/password combination was incorrect.|,
lastUpdated => 1078854953
},
'LDAPLink_105' => { 'LDAPLink_105' => {
message => q|Invalid LDAP connection URL. Contact your administrator.|, message => q|Invalid LDAP connection URL. Contact your administrator.|,
lastUpdated => 1078854953 lastUpdated => 1078854953