Display Lockout Error to User (#11135)

This commit is contained in:
Daniel Schalla
2019-06-12 18:35:53 +02:00
committed by GitHub
parent 03e5525fa6
commit f49a0881bf
2 changed files with 8 additions and 7 deletions


@@ -1240,7 +1240,7 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
}
func login(c *Context, w http.ResponseWriter, r *http.Request) {
// Translate all login errors to generic. MFA error being an exception, since it's required for the login flow itself
// Mask all sensitive errors, with the exception of the following
defer func() {
if c.Err == nil {
return
@@ -1254,6 +1254,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
"api.user.login.client_side_cert.certificate.app_error",
"api.user.login.inactive.app_error",
"api.user.login.not_verified.app_error",
"api.user.check_user_login_attempts.too_many.app_error",
}
maskError := true
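Review bot: Adding "api.user.check_user_login_attempts.too_many.app_error" to the unmasked list means an unauthenticated caller can now tell a locked account apart from the generic invalid-credentials response, which confirms that the supplied email or username exists; the comment on the new list should record that trade-off so the next addition is weighed the same way. Suggested wording for the line above the list: `// Every id here is returned verbatim to unauthenticated callers; anything distinguishable from invalid_credentials can confirm that an account exists, so keep this list minimal.` The deferred masking closure and the rest of login continue outside the hunk, so whether the lockout response carries any further account detail cannot be judged from here.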


@@ -4220,13 +4220,13 @@ func TestLoginLockout(t *testing.T) {
_, resp = th.Client.Login(th.BasicUser.Email, "wrong")
CheckErrorMessage(t, resp, "api.user.login.invalid_credentials_email_username")
_, resp = th.Client.Login(th.BasicUser.Email, "wrong")
CheckErrorMessage(t, resp, "api.user.login.invalid_credentials_email_username")
CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error")
_, resp = th.Client.Login(th.BasicUser.Email, "wrong")
CheckErrorMessage(t, resp, "api.user.login.invalid_credentials_email_username")
CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error")
//Check if lock is active
_, resp = th.Client.Login(th.BasicUser.Email, th.BasicUser.Password)
CheckErrorMessage(t, resp, "api.user.login.invalid_credentials_email_username")
CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error")
// Fake user has MFA enabled
if result := <-th.Server.Store.User().UpdateMfaActive(th.BasicUser2.Id, true); result.Err != nil {
@@ -4239,9 +4239,9 @@ func TestLoginLockout(t *testing.T) {
_, resp = th.Client.LoginWithMFA(th.BasicUser2.Email, th.BasicUser2.Password, "000000")
CheckErrorMessage(t, resp, "api.user.check_user_mfa.bad_code.app_error")
_, resp = th.Client.LoginWithMFA(th.BasicUser2.Email, th.BasicUser2.Password, "000000")
CheckErrorMessage(t, resp, "api.user.login.invalid_credentials_email_username")
CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error")
_, resp = th.Client.LoginWithMFA(th.BasicUser2.Email, th.BasicUser2.Password, "000000")
CheckErrorMessage(t, resp, "api.user.login.invalid_credentials_email_username")
CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error")
// Fake user has MFA disabled
if result := <-th.Server.Store.User().UpdateMfaActive(th.BasicUser2.Id, false); result.Err != nil {
@@ -4250,5 +4250,5 @@ func TestLoginLockout(t *testing.T) {
//Check if lock is active
_, resp = th.Client.Login(th.BasicUser2.Email, th.BasicUser2.Password)
CheckErrorMessage(t, resp, "api.user.login.invalid_credentials_email_username")
CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error")
}
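Review bot: The new assertion after the second wrong-password attempt already expects the too_many error, which only holds if the attempt limit is lowered earlier in TestLoginLockout, outside these hunks; a one-line comment at that first lockout assertion would keep the test readable, e.g. `// the attempt limit is lowered at the top of this test, so the second failure already trips the lockout`. The assertions after the MFA block and after the correct-password login follow the same dependency, so the comment is needed only once.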