Merge pull request #772 from yodax/generic-login-message

Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
This commit is contained in:
Joshua Tauberer 2016-03-26 09:22:02 -04:00
commit 252c35c66e

View file

@ -43,7 +43,7 @@ def authorized_personnel_only(viewfunc):
except ValueError as e:
# Authentication failed.
privs = []
error = str(e)
error = "Incorrect username or password"
# Authorized to access an API view?
if "admin" in privs:
@ -119,7 +119,7 @@ def me():
except ValueError as e:
return json_response({
"status": "invalid",
"reason": str(e),
"reason": "Incorrect username or password",
})
resp = {