Merge pull request #772 from yodax/generic-login-message

Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
2024-11-22 02:17:26 +00:00 · 2016-03-26 09:22:02 -04:00 · 2016-03-26 09:22:02 -04:00 · 252c35c66e
commit 252c35c66e
parent 1e1c3cbd00 f292e8fc5b
1 changed files with 2 additions and 2 deletions
--- a/management/daemon.py
+++ b/management/daemon.py
@ -43,7 +43,7 @@ def authorized_personnel_only(viewfunc):
 		except ValueError as e:
 			# Authentication failed.
 			privs = []
-			error = str(e)
+			error = "Incorrect username or password"

 		# Authorized to access an API view?
 		if "admin" in privs:
@ -119,7 +119,7 @@ def me():
 	except ValueError as e:
 		return json_response({
 			"status": "invalid",
-			"reason": str(e),
+			"reason": "Incorrect username or password",
 			})

 	resp = {