Unverified Commit d913fa03 authored by Torben Hansen's avatar Torben Hansen

Show a common error message on SOAP auth error

Change the message on authentication error for the SOAP
API to a general one in order to avoid user enumeration.
parent 48b40516
Pipeline #11811 passed with stages
in 6 minutes and 35 seconds
......@@ -97,10 +97,10 @@ class ApiUser
if (!$this->userIsAlreadyLoggedIn() && !$this->ldapValidationSucceeded()) {
$this->userGroups = [];
$this->authenticated = false;
throw new UnauthorizedException('Wrong password.', ResultCodes::ERROR_GENERAL_WRONGPASSWORD);
throw new UnauthorizedException('Username does not exist or password is wrong.', ResultCodes::ERROR_GENERAL_WRONGPASSWORD);
}
} else {
throw new UnauthorizedException('The specified user does not exist. You need to login first on extensions.typo3.org.', ResultCodes::ERROR_GENERAL_USERNOTFOUND);
throw new UnauthorizedException('Username does not exist or password is wrong.', ResultCodes::ERROR_GENERAL_USERNOTFOUND);
}
$this->authenticated = true;
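Review bot: The two throws still pass different result codes, `ResultCodes::ERROR_GENERAL_WRONGPASSWORD` in the failed-validation branch and `ResultCodes::ERROR_GENERAL_USERNOTFOUND` in the `else` branch. If that code is carried into the SOAP fault returned to the client, the response still distinguishes an unknown username from a wrong password even though the message text is now identical. Consider passing one code on both paths, e.g. `throw new UnauthorizedException('Username does not exist or password is wrong.', ResultCodes::ERROR_GENERAL_WRONGPASSWORD);` in the `else` branch as well, and recording the specific reason only in a server-side log. It is also worth checking that both paths take comparable time, since `ldapValidationSucceeded()` appears to be reached only in the first branch. The enclosing method starts and ends outside this hunk, so how the exception code is serialized to the client is not visible here.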
......