generalize credential-invalid-message to improve security #211

Merged
merged 1 commit into from

2 participants

@masche842
Collaborator

... and here it is.

@tvdeyen tvdeyen merged commit 2422ffc into from
2  app/models/alchemy/user_session.rb
@@ -2,6 +2,8 @@ module Alchemy
class UserSession < Authlogic::Session::Base
logout_on_timeout(::Rails.env != 'development')
+ generalize_credentials_error_messages true
+
before_destroy :unlock_pages
def unlock_pages
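Review bot: The lockout path can still reveal which accounts exist after the added `generalize_credentials_error_messages true`. The locale files keep a distinct `consecutive_failed_logins_limit_exceeded` message, and if that message is only shown for logins that match a real user, an observer can still tell valid usernames from invalid ones by triggering it. Please confirm how it behaves for unknown logins, and add a session spec asserting that an unknown login and a wrong password produce the same error, since no test accompanies this line.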
2  config/locales/alchemy.de.yml
@@ -807,6 +807,7 @@ de:
error_messages:
login_blank: "^Es wurde kein Benutzername angeben."
login_not_found: "^Dieser Benutzername existiert nicht."
+ general_credentials_error: "Die Kombination aus Benutzername und Passwort ist nicht gültig."
consecutive_failed_logins_limit_exceeded: "Zu viele Fehlversuche! Dieser Account ist aus Sicherheitsgründen gesperrt worden. Bitte wenden Sie sich an den Administrator."
email_invalid: "Die Email-Adresse entspricht nicht dem Format einer Email-Adresse."
password_blank: "^Bitte ein Passwort angegeben."
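Review bot: The new `general_credentials_error` string has no leading `^`, unlike the neighbouring `login_blank`, `login_not_found` and `password_blank` entries. If the caret is what suppresses a prepended field name in this app, please confirm the generalized message renders without one (or add the caret). Also check that the still-present `login_not_found` text ("Dieser Benutzername existiert nicht.") is no longer reachable from the login form.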
@@ -827,3 +828,4 @@ de:
email: Email
password: Passwort
remember_me: "eingeloggt bleiben"
+
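Review bot: The only change in this hunk is a blank line appended after `remember_me`, which is unrelated to the credential message; the same happens at the end of alchemy.en.yml. I would drop both so the commit contains just the security change.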
2  config/locales/alchemy.en.yml
@@ -599,6 +599,7 @@ en:
error_messages:
login_blank: 'can not be blank'
login_not_found: 'could not be found'
+ general_credentials_error: "User does not exist or invalid password!"
consecutive_failed_logins_limit_exceeded: 'Consecutive failed logins limit exceeded, account is disabled.'
email_invalid: 'should look like an email address.'
password_blank: 'can not be blank'
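Review bot: The added `general_credentials_error` value is double-quoted while every neighbouring entry in this block uses single quotes, and its wording ("User does not exist or invalid password!") diverges from the German string, which speaks of an invalid username and password combination. Suggest single quotes and a neutral phrasing aligned with the German text, for example 'Username and password combination is not valid.'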
@@ -618,3 +619,4 @@ en:
email: Email
password: Password
remember_me: 'remember me'
+