Skip to content
This repository has been archived by the owner on Aug 30, 2021. It is now read-only.

Commit

Permalink
Merge pull request #575 from pgrodrigues/0.4.0
Browse files Browse the repository at this point in the history 
Abstract the local strategy login error to thwart hackers
  • Loading branch information
@ilanbiala
ilanbiala committed Jun 3, 2015
2 parents 716925b + e11ffda commit cd5db4a
Showing 1 changed file with 2 additions and 7 deletions.
9 changes: 2 additions & 7 deletions modules/users/server/config/strategies/local.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,14 +20,9 @@ module.exports = function() {
if (err) {
return done(err);
}
if (!user) {
if (!user || !user.authenticate(password)) {
return done(null, false, {
message: 'Unknown user'
});
}
if (!user.authenticate(password)) {
return done(null, false, {
message: 'Invalid password'
message: 'Invalid username or password'
});
}

Expand Down

0 comments on commit cd5db4a

Please sign in to comment.