author | Christopher Speller <crspeller@gmail.com> | 2018-06-04 09:48:26 -0700 |
committer | GitHub <noreply@github.com> | 2018-06-04 09:48:26 -0700 |
commit | 2c75247c97d0277944975deb9595b5f82a80e91e (patch) | |
tree | bd2bf76858fa308fc72b7f48860e6c291622149f /api4/user.go | |
parent | bd7c9f86424a8d6609ad602e2225c4438d136415 (diff) | |
MM-10348 Adding experimental hardened mode. (#8881)
* Adding experimental hardened mode.
* Sanitizing all 500 errors.
Diffstat (limited to 'api4/user.go')
-rw-r--r-- | api4/user.go | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/api4/user.go b/api4/user.go
index ea90d2127..2292544c4 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -784,7 +784,9 @@ func checkUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if user, err := c.App.GetUserForLogin("", loginId); err == nil {
+ if *c.App.Config().ServiceSettings.ExperimentalEnableHardenedMode {
+ resp["mfa_required"] = true
+ } else if user, err := c.App.GetUserForLogin("", loginId); err == nil {
 resp["mfa_required"] = user.MfaActive
 }
@@ -936,7 +938,11 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 if sent, err := c.App.SendPasswordReset(email, c.App.GetSiteURL()); err != nil {
- c.Err = err
+ if *c.App.Config().ServiceSettings.ExperimentalEnableHardenedMode {
+ ReturnStatusOK(w)
+ } else {
+ c.Err = err
+ }
 return
 } else if sent {
 c.LogAudit("sent=" + email)
@@ -946,6 +952,13 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 func login(c *Context, w http.ResponseWriter, r *http.Request) {
+ // For hardened mode, translate all login errors to generic.
+ defer func() {
+ if *c.App.Config().ServiceSettings.ExperimentalEnableHardenedMode && c.Err != nil {
+ c.Err = model.NewAppError("login", "api.user.login.invalid_credentials", nil, "", http.StatusUnauthorized)
+ }
+ }()
+
 props := model.MapFromJson(r.Body)
 id := props["id"]
@@ -982,11 +995,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 func logout(c *Context, w http.ResponseWriter, r *http.Request) {
- data := make(map[string]string)
- data["user_id"] = c.Session.UserId
-
 Logout(c, w, r)
-
 }
 func Logout(c *Context, w http.ResponseWriter, r *http.Request) {
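Review bot: The new `resp["mfa_required"] = true` branch in checkUserMfa carries no comment explaining why a true is reported before any user lookup happens, so a later reader may take it for a bug; a why-comment settles it, e.g. `// Hardened mode: always report MFA as required so this unauthenticated endpoint cannot be used to tell existing login IDs from non-existent ones.` The same `*c.App.Config().ServiceSettings.ExperimentalEnableHardenedMode` dereference is repeated in the sendPasswordReset and login hunks; a small helper on Context would keep the three call sites in step and, if that pointer can ever be nil for a partially loaded config (not visible here), give one place to guard it rather than three. checkUserMfa begins and ends outside the hunk.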
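Review bot: The hardened-mode branch in sendPasswordReset drops `err` entirely: `ReturnStatusOK(w)` answers the client and the function returns with nothing recorded server-side, so a mail-delivery failure becomes invisible to operators whenever the flag is on. Returning the generic OK to the client is the point of the change, but the cause should still be recorded before the early return, for instance `c.LogAudit("fail - " + email)` alongside the existing `c.LogAudit("sent=" + email)`, or whatever server-side error logging this file already uses. sendPasswordReset begins before the hunk.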
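Review bot: The deferred rewrite in login replaces every non-nil c.Err, including server-side failures, so a database or session-store error is presented to the user as wrong credentials and the original AppError is lost; since the commit description says 500s are sanitized separately, the translation can be limited to client-caused errors: `if *c.App.Config().ServiceSettings.ExperimentalEnableHardenedMode && c.Err != nil && c.Err.StatusCode < http.StatusInternalServerError {`. Whatever the cutoff, the original c.Err should be logged server-side before it is overwritten (the file uses c.LogAudit in sendPasswordReset; presumably login has similar calls outside the hunk) so failed-login causes stay diagnosable. The comment `// For hardened mode, translate all login errors to generic.` would also benefit from saying why: so the response does not reveal whether the account exists or which check failed. login's body continues past the hunk.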