Authentication errors: try to avoid user enumeration

Fixes #395
2025-12-08 23:28:39 +03:00 · 2021-04-26 19:48:21 +02:00
parent 7778716fa7
commit 1275328fdf
7 changed files with 59 additions and 17 deletions
--- a/dataprovider/admin.go
+++ b/dataprovider/admin.go
@@ -125,7 +125,7 @@ func (a *Admin) validate() error {
 func (a *Admin) CheckPassword(password string) (bool, error) {
 	if strings.HasPrefix(a.Password, bcryptPwdPrefix) {
 		if err := bcrypt.CompareHashAndPassword([]byte(a.Password), []byte(password)); err != nil {
-			return false, err
+			return false, ErrInvalidCredentials
 		}
 		return true, nil
 	}