mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-26 02:57:04 +00:00
hotfix merge #772 - yodax/generic-login-message
Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
parent
703e6795e8
commit
3843f63416
@ -11,6 +11,7 @@ Mail:
|
|||||||
Control panel:
|
Control panel:
|
||||||
|
|
||||||
* Prevent click-jacking of the management interface by adding HTTP headers.
|
* Prevent click-jacking of the management interface by adding HTTP headers.
|
||||||
|
* Failed login no longer reveals whether an account exists on the system.
|
||||||
|
|
||||||
Setup:
|
Setup:
|
||||||
|
|
||||||
|
@ -49,7 +49,7 @@ def authorized_personnel_only(viewfunc):
|
|||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
# Authentication failed.
|
# Authentication failed.
|
||||||
privs = []
|
privs = []
|
||||||
error = str(e)
|
error = "Incorrect username or password"
|
||||||
|
|
||||||
# Authorized to access an API view?
|
# Authorized to access an API view?
|
||||||
if "admin" in privs:
|
if "admin" in privs:
|
||||||
@ -125,7 +125,7 @@ def me():
|
|||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
return json_response({
|
return json_response({
|
||||||
"status": "invalid",
|
"status": "invalid",
|
||||||
"reason": str(e),
|
"reason": "Incorrect username or password",
|
||||||
})
|
})
|
||||||
|
|
||||||
resp = {
|
resp = {
|
||||||
|
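Review bot: In both `except ValueError as e:` handlers (in `authorized_personnel_only` and in `me()`), the original exception text is replaced without being recorded anywhere in the visible lines, so the operator loses the record of why a login failed and `e` is left unused. The generic client-facing string is the right response, but the real reason should go to the server log first, e.g. `logging.warning("control panel login failed: %s", e)`, using whichever logger this module already has. The literal `"Incorrect username or password"` is also duplicated; a module-level constant such as `LOGIN_FAILED_MESSAGE = "Incorrect username or password"` would keep the two responses identical, which matters because any drift between them brings back the account-existence signal. Both handlers start and end outside the visible hunks, so it cannot be confirmed from here whether other `ValueError` causes (for instance malformed credentials) also reach these branches and would now be reported as a wrong password.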