tcjlj/nginx-proxy-manager-zh
1
0
Fork 0
mirror of https://github.com/xiaoxinpro/nginx-proxy-manager-zh.git synced 2025-01-22 12:58:13 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #4179 from tametsi/develop

Browse Source 
Return generic auth error to prevent user enumeration attacks
This commit is contained in:
jc21 2024-11-23 22:39:37 +10:00 committed by GitHub
commit 07a4e5791f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
backend/internal/token.js
View File

@ -5,6 +5,8 @@ const authModel = require('../models/auth');
const helpers = require('../lib/helpers'); const helpers = require('../lib/helpers');
const TokenModel = require('../models/token'); const TokenModel = require('../models/token');
const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
module.exports = { module.exports = {
/** /**
@ -69,15 +71,15 @@ module.exports = {
}; };
}); });
} else { } else {
throw new error.AuthError('Invalid password'); throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
} }
}); });
} else { } else {
throw new error.AuthError('No password auth for user'); throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
} }
}); });
} else { } else {
throw new error.AuthError('No relevant user found'); throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
} }
}); });
}, },