mirror of
https://github.com/plankanban/planka.git
synced 2025-07-19 05:09:43 +02:00
fix: more generic error messages on login
This commit is contained in:
parent
b2e1fba9a0
commit
9a5049472f
6 changed files with 28 additions and 0 deletions
|
@ -28,6 +28,11 @@ const createMessage = (error) => {
|
|||
type: 'error',
|
||||
content: 'common.invalidPassword',
|
||||
};
|
||||
case 'Invalid credentials':
|
||||
return {
|
||||
type: 'error',
|
||||
content: 'common.invalidCredentials',
|
||||
};
|
||||
case 'Use single sign-on':
|
||||
return {
|
||||
type: 'error',
|
||||
|
@ -116,6 +121,10 @@ const Login = React.memo(
|
|||
useEffect(() => {
|
||||
if (wasSubmitting && !isSubmitting && error) {
|
||||
switch (error.message) {
|
||||
case 'Invalid credentials':
|
||||
emailOrUsernameField.current.select();
|
||||
|
||||
break;
|
||||
case 'Invalid email or username':
|
||||
emailOrUsernameField.current.select();
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@ export default {
|
|||
common: {
|
||||
emailOrUsername: 'E-mail or username',
|
||||
invalidEmailOrUsername: 'Invalid e-mail or username',
|
||||
invalidCredentials: 'Invalid credentials',
|
||||
invalidPassword: 'Invalid password',
|
||||
logInToPlanka: 'Log in to Planka',
|
||||
noInternetConnection: 'No internet connection',
|
||||
|
|
|
@ -31,6 +31,8 @@ services:
|
|||
# - DEFAULT_ADMIN_NAME=Demo Demo
|
||||
# - DEFAULT_ADMIN_USERNAME=demo
|
||||
|
||||
# - ENABLE_VERBOSE_ON_LOGIN=false # Set to true will show more verbose error messages on login. Should not be disabled without a rate limiter for security reasons.
|
||||
|
||||
# - ALLOW_ALL_TO_CREATE_PROJECTS=true
|
||||
|
||||
# - OIDC_ISSUER=
|
||||
|
|
|
@ -22,6 +22,8 @@ SECRET_KEY=notsecretkey
|
|||
# DEFAULT_ADMIN_NAME=Demo Demo
|
||||
# DEFAULT_ADMIN_USERNAME=demo
|
||||
|
||||
# ENABLE_VERBOSE_ON_LOGIN=false # Set to true will show more verbose error messages on login. Should not be disabled without a rate limiter for security reasons.
|
||||
|
||||
# ALLOW_ALL_TO_CREATE_PROJECTS=true
|
||||
|
||||
# OIDC_ISSUER=
|
||||
|
|
|
@ -10,6 +10,9 @@ const Errors = {
|
|||
INVALID_PASSWORD: {
|
||||
invalidPassword: 'Invalid password',
|
||||
},
|
||||
INVALID_CREDENTIALS: {
|
||||
invalidCredentials: 'Invalid credentials',
|
||||
},
|
||||
USE_SINGLE_SIGN_ON: {
|
||||
useSingleSignOn: 'Use single sign-on',
|
||||
},
|
||||
|
@ -40,6 +43,9 @@ module.exports = {
|
|||
invalidPassword: {
|
||||
responseType: 'unauthorized',
|
||||
},
|
||||
invalidCredentials: {
|
||||
responseType: 'unauthorized',
|
||||
},
|
||||
useSingleSignOn: {
|
||||
responseType: 'forbidden',
|
||||
},
|
||||
|
@ -57,6 +63,9 @@ module.exports = {
|
|||
sails.log.warn(
|
||||
`Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`,
|
||||
);
|
||||
if (sails.config.custom.enableVerboseOnLogin) {
|
||||
throw Errors.INVALID_CREDENTIALS;
|
||||
}
|
||||
throw Errors.INVALID_EMAIL_OR_USERNAME;
|
||||
}
|
||||
|
||||
|
@ -66,6 +75,9 @@ module.exports = {
|
|||
|
||||
if (!bcrypt.compareSync(inputs.password, user.password)) {
|
||||
sails.log.warn(`Invalid password! (IP: ${remoteAddress})`);
|
||||
if (sails.config.custom.enableVerboseOnLogin) {
|
||||
throw Errors.INVALID_CREDENTIALS;
|
||||
}
|
||||
throw Errors.INVALID_PASSWORD;
|
||||
}
|
||||
|
||||
|
|
|
@ -36,6 +36,8 @@ module.exports.custom = {
|
|||
|
||||
allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true',
|
||||
|
||||
enableVerboseOnLogin: process.env.ENABLE_VERBOSE_ON_LOGIN ? process.env.ENABLE_VERBOSE_ON_LOGIN === 'true' : true,
|
||||
|
||||
oidcIssuer: process.env.OIDC_ISSUER,
|
||||
oidcClientId: process.env.OIDC_CLIENT_ID,
|
||||
oidcClientSecret: process.env.OIDC_CLIENT_SECRET,
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue