Return the same error message from /login when password is incorrect and when account doesn't exist. (#12738)

Daniel Aloni 2022-06-07 17:58:48 +03:00 committed by GitHub
parent f30bcbd84a
commit b5a3aecf18
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 2 deletions


@ -81,6 +81,8 @@ if TYPE_CHECKING:
logger = logging.getLogger(__name__)
INVALID_USERNAME_OR_PASSWORD = "Invalid username or password"
def convert_client_dict_legacy_fields_to_identifier(
submission: JsonDict,
@ -1215,7 +1217,9 @@ class AuthHandler:
await self._failed_login_attempts_ratelimiter.can_do_action(
None, (medium, address)
)
raise LoginError(403, "", errcode=Codes.FORBIDDEN)
raise LoginError(
403, msg=INVALID_USERNAME_OR_PASSWORD, errcode=Codes.FORBIDDEN
)
identifier_dict = {"type": "m.id.user", "user": user_id}
@ -1341,7 +1345,7 @@ class AuthHandler:
# We raise a 403 here, but note that if we're doing user-interactive
# login, it turns all LoginErrors into a 401 anyway.
raise LoginError(403, "Invalid password", errcode=Codes.FORBIDDEN)
raise LoginError(403, msg=INVALID_USERNAME_OR_PASSWORD, errcode=Codes.FORBIDDEN)
async def check_password_provider_3pid(
self, medium: str, address: str, password: str
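Review bot: The new `INVALID_USERNAME_OR_PASSWORD` constant in the first hunk has no comment saying why both raise sites must share it, so a later edit could give one path its own wording again and reopen the account-existence leak. I would add above it `# Shared by every failed-login path so the response body does not reveal whether the account exists; do not specialise per branch.` Both visible raise sites already agree on status 403 and `Codes.FORBIDDEN`, so the body text was the only field that differed here. The message is only one observable signal: whether the unknown-account path and the wrong-password path also take comparable time cannot be judged from these hunks, since both enclosing methods start outside them. That is worth confirming separately, along with a test asserting the two responses are identical.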