authorDaniel Aloni <74783603+Danieloni1@users.noreply.github.com>2022-06-07 17:58:48 +0300
committerGitHub <noreply@github.com>2022-06-07 14:58:48 +0000
commitb5a3aecf18740fb699f871c8e1d110d847fea6d3 (patch)
tree2aa9222fac89627cb4e665cfe17ac8dcccf5aba6 /synapse
parentFix Synapse git info missing in version strings (#12973) (diff)
downloadsynapse-b5a3aecf18740fb699f871c8e1d110d847fea6d3.tar.xz
Return the same error message from `/login` when password is incorrect and when account doesn't exist. (#12738)
Diffstat (limited to 'synapse')
-rw-r--r--synapse/handlers/auth.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index fbafbbee6b..6e15028b0a 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -81,6 +81,8 @@ if TYPE_CHECKING:
 
 logger = logging.getLogger(__name__)
 
+INVALID_USERNAME_OR_PASSWORD = "Invalid username or password"
+
 
 def convert_client_dict_legacy_fields_to_identifier(
     submission: JsonDict,
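Review bot: The new module-level constant `INVALID_USERNAME_OR_PASSWORD` carries no comment explaining why the login failure paths must share one string, so a later edit could reintroduce distinct messages without noticing the security intent. I would add above it `# Returned for every /login credential failure so the response body does not reveal whether the account exists.` The commit title states that intent, but nothing in the code records it.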
@@ -1215,7 +1217,9 @@ class AuthHandler:
                     await self._failed_login_attempts_ratelimiter.can_do_action(
                         None, (medium, address)
                     )
-                raise LoginError(403, "", errcode=Codes.FORBIDDEN)
+                raise LoginError(
+                    403, msg=INVALID_USERNAME_OR_PASSWORD, errcode=Codes.FORBIDDEN
+                )
 
             identifier_dict = {"type": "m.id.user", "user": user_id}
 
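Review bot: The unknown-3PID branch here still raises right after the ratelimiter call, while the raise in the third hunk is presumably reached only after the supplied password has been checked, so the two failures may stay distinguishable by response time even though the body is now identical. The verification code is outside these hunks, so this is inferred rather than shown. If the check is a deliberately slow hash, consider doing an equivalent dummy verification before this raise. At minimum, record the limit in a comment such as `# NOTE: message matches the bad-password path; response timing is not equalised.` The enclosing method starts and ends outside the hunk.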
@@ -1341,7 +1345,7 @@ class AuthHandler:
 
         # We raise a 403 here, but note that if we're doing user-interactive
         # login, it turns all LoginErrors into a 401 anyway.
-        raise LoginError(403, "Invalid password", errcode=Codes.FORBIDDEN)
+        raise LoginError(403, msg=INVALID_USERNAME_OR_PASSWORD, errcode=Codes.FORBIDDEN)
 
     async def check_password_provider_3pid(
         self, medium: str, address: str, password: str