luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-17 23:42:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Log the real reason when authentication fails (but don't show the user) (#25414)

Browse source
This commit is contained in:
Lunny Xiao 2023-07-04 06:39:38 +08:00 committed by GitHub
parent ad57be04b8
commit 0403bd989f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 68 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
routers/web/auth/auth.go
View file

@ -201,7 +201,7 @@ func SignInPost(ctx *context.Context) {
u, source, err := auth_service.UserSignIn(form.UserName, form.Password)
if err != nil {
if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) {
if errors.Is(err, util.ErrNotExist) || errors.Is(err, util.ErrInvalidArgument) {
ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
} else if user_model.IsErrEmailAlreadyUsed(err) {