Merge pull request #899 from ltb-project/772-remove-obscure-failure-m…

…essages-opion Remove obscure_failure_messages option
ltb-project · May 3, 2024 · 4ea8803 · 4ea8803
2 parents 643ac2f + 01fd3b1
commit 4ea8803
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 14 deletions.
diff --git a/conf/config.inc.php b/conf/config.inc.php
@@ -416,9 +416,6 @@
 #setlocale(LC_CTYPE, "en_US.UTF-8");
 
 # Hide some messages to not disclose sensitive information
-# These messages will be replaced by badcredentials error
-# by default mailnomatch is obscured since it can disclose account existence
-$obscure_failure_messages = array("mailnomatch");
 $obscure_usernotfound_sendtoken = true;
 $obscure_notfound_sendsms = true;
 

diff --git a/docs/config_general.rst b/docs/config_general.rst
@@ -213,15 +213,8 @@ characters in login with ``$login_forbidden_chars``:
 .. tip:: If no characters are configured in ``$login_forbidden_chars``,
    only alphanumeric characters are allowed.
 
-You can configure "obscure" messages, so that some errors are not
-displayed and replaced by a generic "bad credentials" error:
-
-.. code-block:: php
-
-   $obscure_failure_messages = array("mailnomatch");
-
-For the reset process via mail token and send sms token, there are also a specific parameters,
-enabled by default, to avoid account disclosure:
+For the reset process via mail token and send sms token, errors are hidden
+by default, to avoid account disclosure:
 
 .. code-block:: php
 

diff --git a/docs/upgrade.rst b/docs/upgrade.rst
@@ -19,6 +19,16 @@ The default notification's behaviour for sms is obscured. To change this behavio
 
    $obscure_notfound_sendsms = false;
 
+Option obscure_failure_messages
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The option obscure_failure_messages has been removed in favor of the specific options for Mail and SMS:
+
+.. code-block:: php
+
+   $obscure_usernotfound_sendtoken = true;
+   $obscure_notfound_sendsms = true;
+
 SMS API
 ~~~~~~~
 

diff --git a/htdocs/index.php b/htdocs/index.php
@@ -363,8 +363,6 @@
 if (isset($displayname[0])) { $smarty->assign('displayname', $displayname[0]); }
 if (isset($encrypted_sms_login)) { $smarty->assign('encrypted_sms_login', $encrypted_sms_login); }
 
-if (isset($obscure_failure_messages) && in_array($result, $obscure_failure_messages) ) { $result = "badcredentials"; }
-
 # Set error message, criticity and fa_class
 
 if ($result) {