avoid login error meassage information leak

HenriWahl · Oct 12, 2022 · 8943b64 · 8943b64
1 parent 1500555
commit 8943b64
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/doko3000/misc.py b/doko3000/misc.py
@@ -2,6 +2,7 @@
 
 ACCEPTED_JSON_MIMETYPES = ['*/*', 'text/javascript', 'application/json']
 
+MESSAGE_LOGIN_FAILURE = "Login-Fehler"
 
 def is_xhr(request):
     """

diff --git a/doko3000/web.py b/doko3000/web.py
@@ -21,7 +21,8 @@
 from .game import Deck, \
     Game
 from .misc import get_hash, \
-    is_xhr
+    is_xhr, \
+    MESSAGE_LOGIN_FAILURE
 
 # needed for ajax detection
 ACCEPTED_JSON_MIMETYPES = ['*/*', 'text/javascript', 'application/json']
@@ -995,12 +996,12 @@ def login():
         player = game.get_player(request.values['name'])
         if player:
             if not player.check_password(request.values['password']):
-                flash('Falsches Passwort :-(')
+                flash(MESSAGE_LOGIN_FAILURE)
             else:
                 login_user(player, remember=True)
                 return redirect(url_for('index'))
         else:
-            flash('Spieler nicht bekannt :-(')
+            flash(MESSAGE_LOGIN_FAILURE)
     # got to login if not logged in
     return render_template('login.html',
                            title=f"{app.config['TITLE']} Login")
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,7 @@ @@
     ACCEPTED_JSON_MIMETYPES = ['*/*', 'text/javascript', 'application/json']
+    MESSAGE_LOGIN_FAILURE = "Login-Fehler"
     def is_xhr(request):
         """
@@ Expand Down @@