ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-10-31 15:53:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Return generic auth error to prevent user enumeration attacks

Browse Source 
On invalid user/password error the error message "Invalid email or password" is returned.
Thereby, no information about the existence of the user is given.
This commit is contained in:
tametsi
2024-11-22 10:30:58 +01:00
parent 25a26d6175
commit 640a1eeb68
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/internal/token.js
View File

@@ -5,6 +5,8 @@ const authModel = require('../models/auth');
const helpers = require('../lib/helpers');
const TokenModel = require('../models/token');
const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
module.exports = {
/**
@@ -69,15 +71,15 @@ module.exports = {
};
});
} else {
throw new error.AuthError('Invalid password');
throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
});
} else {
throw new error.AuthError('No password auth for user');
throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
});
} else {
throw new error.AuthError('No relevant user found');
throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
});
},