Merge pull request #772 from yodax/generic-login-message

Make control panel login failed messages generic - don't reveal if an email address has an account on the system.

Merge pull request #772 from yodax/generic-login-message
Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
252c35c6 · Joshua Tauberer · 1e1c3cbd · f292e8fc · 252c35c6
Commit 252c35c6 authored Mar 26, 2016 by Joshua Tauberer
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

daemon.py management/daemon.py +2 -2

No files found.
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -43,7 +43,7 @@ def authorized_personnel_only(viewfunc):
 		except ValueError as e:
 			# Authentication failed.
 			privs = []
-			error = str(e)
+			error = "Incorrect username or password"
 		# Authorized to access an API view?
 		if "admin" in privs:
@@ -119,7 +119,7 @@ def me():
 	except ValueError as e:
 		return json_response({
 			"status": "invalid",
-			"reason": str(e),
+			"reason": "Incorrect username or password",
 			})
 	resp = {