From e83ea7fd7618f18957f25560d40353fce96501cc Mon Sep 17 00:00:00 2001
From: Thareek Anvar M
Date: Wed, 1 Mar 2023 20:03:43 +0530
Subject: [PATCH] fix: login security issue (#1198)

* fix

* fix bug

* changes

* Revert "changes"

This reverts commit 2b2084c7bd1c9e4092e74d99b673728a89f0d267.

* should close the toast if its error also

* no internal errors + sso

* change the text to Incorrect login credentials, please try again
---
 server/auth.go | 8 ++++----
 web/src/components/Toast.tsx | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/auth.go b/server/auth.go
index a5b68a1c..510074fd 100644
--- a/server/auth.go
+++ b/server/auth.go
@@ -31,10 +31,10 @@ func (s *Server) registerAuthRoutes(g *echo.Group) {
 }
 user, err := s.Store.FindUser(ctx, userFind)
 if err != nil && common.ErrorCode(err) != common.NotFound {
- return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user by username %s", signin.Username)).SetInternal(err)
+ return echo.NewHTTPError(http.StatusInternalServerError, "Incorrect login credentials, please try again")
 }
 if user == nil {
- return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("User not found with username %s", signin.Username))
+ return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect login credentials, please try again")
 } else if user.RowStatus == api.Archived {
 return echo.NewHTTPError(http.StatusForbidden, fmt.Sprintf("User has been archived with username %s", signin.Username))
 }
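Review bot: The archived-user branch at the end of the hunk still returns 403 with `fmt.Sprintf("User has been archived with username %s", signin.Username)`, so a caller can still tell an archived account from a nonexistent one by status code and message; if the goal is to stop username enumeration, that branch should answer like the others, `return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect login credentials, please try again")`. Separately, the first changed line labels a store failure (`err != nil` and not NotFound) as bad credentials under a 500 and drops `.SetInternal(err)`, so the underlying error is no longer attached for the error handler's log. A neutral message that keeps the cause, `return echo.NewHTTPError(http.StatusInternalServerError, "Failed to sign in").SetInternal(err)`, gives the same non-disclosure without misreporting the failure; in my understanding echo's default handler only exposes the internal error to clients in debug mode, which is worth confirming for this deployment. registerAuthRoutes starts before this hunk and continues after it.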
@@ -42,7 +42,7 @@ func (s *Server) registerAuthRoutes(g *echo.Group) {
 // Compare the stored hashed password, with the hashed version of the password that was received.
 if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(signin.Password)); err != nil {
 // If the two passwords don't match, return a 401 status.
- return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect password").SetInternal(err)
+ return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect login credentials, please try again")
 }
 
 if err = setUserSession(c, user); err != nil {
@@ -99,7 +99,7 @@ func (s *Server) registerAuthRoutes(g *echo.Group) {
 Username: &userInfo.Identifier,
 })
 if err != nil && common.ErrorCode(err) != common.NotFound {
- return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user by username %s", userInfo.Identifier)).SetInternal(err)
+ return echo.NewHTTPError(http.StatusInternalServerError, "Incorrect login credentials, please try again")
 }
 if user == nil {
 userCreate := &api.UserCreate{
diff --git a/web/src/components/Toast.tsx b/web/src/components/Toast.tsx
index 05dffc3e..2b5ba9d0 100644
--- a/web/src/components/Toast.tsx
+++ b/web/src/components/Toast.tsx
@@ -94,7 +94,7 @@ const initialToastHelper = () => {
 return showToast({ type: "success", content, duration });
 };
 
- const error = (content: string, duration = -1) => {
+ const error = (content: string, duration = 5000) => {
 return showToast({ type: "error", content, duration });
 };
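Review bot: Making the message uniform does not close the timing channel: a request for an unknown username returns from the `user == nil` check before this hunk without ever reaching `bcrypt.CompareHashAndPassword`, while a known username pays the full bcrypt cost, so the two cases remain distinguishable by response time. The usual fix is to run the comparison against a package-level dummy hash in the not-found path before returning, e.g. `var dummyHash, _ = bcrypt.GenerateFromPassword([]byte("placeholder"), bcrypt.DefaultCost)` at file scope and `_ = bcrypt.CompareHashAndPassword(dummyHash, []byte(signin.Password))` just before the 401 return for a nil user, using whatever cost the application uses when it hashes real passwords. Dropping `.SetInternal(err)` on the mismatch line is fine, since a bcrypt mismatch error carries nothing worth logging. The enclosing handler starts and ends outside this hunk.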
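Review bot: The changed line in the SSO path reports a store lookup failure (`err != nil` and not NotFound after `FindUser` on `userInfo.Identifier`) as `"Incorrect login credentials, please try again"` with a 500, but the user never entered credentials on this path, so the message is wrong rather than merely vague, and removing `.SetInternal(err)` discards the only record of what actually failed. A neutral message that retains the cause, `return echo.NewHTTPError(http.StatusInternalServerError, "Failed to sign in").SetInternal(err)`, avoids echoing the identifier just as well. The surrounding handler starts and ends outside this hunk.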