Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Making all console authentication end-user error messages identical t…
…o prevent the possibility of enumerating registered usernames. (#785)
  • Loading branch information
michal-harish committed Feb 11, 2022
1 parent 15e86c4 commit afe8bd9
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions server/console_authenticate.go
Expand Up @@ -86,7 +86,7 @@ func (s *ConsoleServer) Authenticate(ctx context.Context, in *console.Authentica
}

if role == console.UserRole_USER_ROLE_UNKNOWN {
return nil, status.Error(codes.Unauthenticated, "Invalid Nakama Console credentials.")
return nil, status.Error(codes.Unauthenticated, "Invalid credentials.")
}

token := jwt.NewWithClaims(jwt.SigningMethodHS256, &ConsoleTokenClaims{
Expand Down Expand Up @@ -117,7 +117,7 @@ func (s *ConsoleServer) lookupConsoleUser(ctx context.Context, unameOrEmail, pas
// Check if it's disabled.
if dbDisableTime.Status == pgtype.Present && dbDisableTime.Time.Unix() != 0 {
s.logger.Info("Console user account is disabled.", zap.String("username", unameOrEmail))
err = status.Error(codes.PermissionDenied, "Console user account banned.")
err = status.Error(codes.PermissionDenied, "Invalid credentials.")
return
}

Expand Down

0 comments on commit afe8bd9

Please sign in to comment.