Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/24 23:46:59 UTC
[GitHub] [apisix] moonming commented on a change in pull request #6707: fix: hidding real message when password or username is error
moonming commented on a change in pull request #6707:
URL: https://github.com/apache/apisix/pull/6707#discussion_r834837475
##########
File path: apisix/plugins/basic-auth.lua
##########
@@ -167,14 +167,14 @@ function _M.rewrite(conf, ctx)
-- 3. check user exists
local cur_consumer = consumers[username]
if not cur_consumer then
- return 401, { message = "Invalid user key in authorization" }
+ return 401, { message = "Invalid password or username" }
Review comment:
```suggestion
return 401, { message = "Invalid authentication credentials" }
```
##########
File path: apisix/plugins/ldap-auth.lua
##########
@@ -140,7 +140,7 @@ function _M.rewrite(conf, ctx)
local userdn = uid .. "=" .. user.username .. "," .. conf.base_dn
local ld = lualdap.open_simple (conf.ldap_uri, userdn, user.password, conf.use_tls)
if not ld then
- return 401, { message = "Invalid user authorization" }
+ return 401, { message = "Invalid password or username" }
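Review bot: `userdn` on the first context line is built by concatenating `user.username` into the DN without escaping, and the same string is then used both as the bind DN and, further down in `_M.rewrite`, as the consumer lookup key. If the username is taken from the request's Authorization header (its extraction is outside this hunk), characters that are special in a DN per RFC 4514 should be rejected or escaped before the concatenation, e.g. `if user.username:find('[,+"\\<>;=#]') then return 401, { message = "Invalid password or username" } end`. It is also worth confirming that an empty `user.password` is refused before `lualdap.open_simple`, since some directory servers treat a simple bind with an empty password as an unauthenticated bind. The second return value of `open_simple` is dropped here, so a directory outage and a bad credential produce the same 401 with nothing logged server-side.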
Review comment:
I don't think we need to change this
##########
File path: apisix/plugins/ldap-auth.lua
##########
@@ -152,7 +152,7 @@ function _M.rewrite(conf, ctx)
create_consumer_cache, consumer_conf)
local consumer = consumers[userdn]
if not consumer then
- return 401, {message = "Invalid API key in request"}
+ return 401, {message = "Invalid password or username"}
Review comment:
And you should update https://github.com/apache/apisix/pull/6707/files#diff-8e5b15fc718c151b0f2b2fbf464e510f31c3e0bf31a350aa2f5ca01349f4a2f6R149 too
##########
File path: apisix/plugins/basic-auth.lua
##########
@@ -167,14 +167,14 @@ function _M.rewrite(conf, ctx)
-- 3. check user exists
local cur_consumer = consumers[username]
if not cur_consumer then
- return 401, { message = "Invalid user key in authorization" }
+ return 401, { message = "Invalid password or username" }
end
core.log.info("consumer: ", core.json.delay_encode(cur_consumer))
-- 4. check the password is correct
if cur_consumer.auth_conf.password ~= password then
- return 401, { message = "Password is error" }
+ return 401, { message = "Invalid password or username" }
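Review bot: The context line `core.log.info("consumer: ", core.json.delay_encode(cur_consumer))` still serialises the whole consumer object into the log, and the comparison two lines later shows that this object carries `auth_conf.password`. The commit makes the two 401 responses indistinguishable to the client, but the stored credential would stay readable by anyone with access to info-level logs, assuming `delay_encode` emits every field. Logging only the identifier, for example `core.log.info("consumer: ", username)`, keeps the trace without the secret. The comparison also implies the password is held in plain text in the consumer configuration, which is worth tracking separately; `_M.rewrite` starts and ends outside this hunk.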
Review comment:
ditto
##########
File path: apisix/plugins/ldap-auth.lua
##########
@@ -152,7 +152,7 @@ function _M.rewrite(conf, ctx)
create_consumer_cache, consumer_conf)
local consumer = consumers[userdn]
if not consumer then
- return 401, {message = "Invalid API key in request"}
+ return 401, {message = "Invalid password or username"}
Review comment:
```suggestion
return 401, {message = "Invalid user authorization"}
```