domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Log the real reason when authentication fails (but don't show the user) (#25414) (#25660)

Browse source 
Backport #25414 by @lunny

Fix #24498

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Giteabot 2023-07-03 19:26:36 -04:00 committed by GitHub
parent e610b0389a
commit 69bdcf41f3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 68 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
routers/web/auth/auth.go
View file

@ -201,7 +201,7 @@ func SignInPost(ctx *context.Context) {
u, source, err := auth_service.UserSignIn(form.UserName, form.Password)
if err != nil {
if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) {
if errors.Is(err, util.ErrNotExist) || errors.Is(err, util.ErrInvalidArgument) {
ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
} else if user_model.IsErrEmailAlreadyUsed(err) {