Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Show error message when CSRF check fails at login #40799

Merged
merged 1 commit into from Nov 8, 2023
Merged

fix: Show error message when CSRF check fails at login #40799

merged 1 commit into from Nov 8, 2023
+18 −4

Conversation

ChristophWurst
Copy link
Member

@ChristophWurst ChristophWurst commented Oct 6, 2023
edited

Summary

This is also known as the "double login"

How to test

  1. Be logged out
  2. Open the login page
  3. Clear browser cookies
  4. Enter credentials and submit the form

master: you see the same page again, no changes
here: you see the same page again but with an error message

Before After
Bildschirmfoto vom 2023-10-06 10-52-06 Bildschirmfoto vom 2023-10-06 12-41-26

Checklist

@ChristophWurst ChristophWurst added this to the Nextcloud 28 milestone Oct 6, 2023
@ChristophWurst ChristophWurst self-assigned this Oct 6, 2023
@ChristophWurst
Copy link
Member Author

/backport to stable27

@ChristophWurst
Copy link
Member Author

/backport to stable26

@ChristophWurst ChristophWurst mentioned this pull request Oct 6, 2023
Open
8 tasks
@ChristophWurst ChristophWurst added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Oct 6, 2023
@solracsf
Copy link
Member

solracsf commented Oct 6, 2023

I would recommend a message like "Internal checks failed. Please try again.".
Why ? Because at least user knows this is not a password or user problem, but a temporary server (internal) issue.

@ChristophWurst
Copy link
Member Author

Adjusted. I also fixed that the NcNoteCard was used incorrectly.

@ChristophWurst ChristophWurst force-pushed the fix/login-csrf-check-error-message branch from cb08db2 to 129c7b7 Compare October 9, 2023 10:32
@ChristophWurst
Copy link
Member Author

/compile amend /

@ChristophWurst ChristophWurst force-pushed the fix/login-csrf-check-error-message branch from 129c7b7 to 4d0e11e Compare October 10, 2023 09:37
@ChristophWurst
Copy link
Member Author

/rebase

@ChristophWurst ChristophWurst force-pushed the fix/login-csrf-check-error-message branch 3 times, most recently from 1fe02f9 to e7d8876 Compare October 17, 2023 18:33
@skjnldsv skjnldsv mentioned this pull request Nov 1, 2023
Merged
@ChristophWurst ChristophWurst force-pushed the fix/login-csrf-check-error-message branch from e7d8876 to 269dc52 Compare November 2, 2023 09:44
@blizzz blizzz mentioned this pull request Nov 6, 2023
Merged
@ChristophWurst
fix: Show error message when CSRF check fails at login
a5422a3 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
@ChristophWurst ChristophWurst force-pushed the fix/login-csrf-check-error-message branch from 269dc52 to a5422a3 Compare November 8, 2023 14:18
@ChristophWurst ChristophWurst merged commit d751bae into master Nov 8, 2023
49 of 50 checks passed
@ChristophWurst ChristophWurst deleted the fix/login-csrf-check-error-message branch November 8, 2023 15:33
@ChristophWurst ChristophWurst mentioned this pull request Dec 1, 2023
Merged
@solracsf solracsf mentioned this pull request Feb 2, 2024
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miaulalala miaulalala miaulalala approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

@provokateurin provokateurin provokateurin approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@artonge artonge Awaiting requested review from artonge

@CarlSchwan CarlSchwan Awaiting requested review from CarlSchwan

Assignees

@ChristophWurst ChristophWurst

Labels
4. to release Ready to be released and/or waiting for tests to finish bug feature: authentication
Projects
💌 📅 👥 Groupware team
Archived in project
Milestone
Nextcloud 28
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ChristophWurst @solracsf @miaulalala @skjnldsv @provokateurin