Change sign in messages to protect user privacy

This commit is contained in:
Omar Roth 2018-07-20 11:34:27 -05:00
parent ac8fb9d8c8
commit e4ba09549a

View file

@ -761,12 +761,12 @@ post "/login" do |env|
user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1 AND password IS NOT NULL", email, as: User) user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1 AND password IS NOT NULL", email, as: User)
if !user if !user
error_message = "Cannot find user with ID #{email}." error_message = "Invalid username or password"
next templated "error" next templated "error"
end end
if !user.password if !user.password
error_message = "Account appears to be a Google account." error_message = "Please sign in using 'Sign in with Google'"
next templated "error" next templated "error"
end end
@ -782,13 +782,13 @@ post "/login" do |env|
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.now + 2.years, secure: secure, http_only: true) env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.now + 2.years, secure: secure, http_only: true)
else else
error_message = "Invalid password" error_message = "Invalid username or password"
next templated "error" next templated "error"
end end
elsif action == "register" elsif action == "register"
user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1 AND password IS NOT NULL", email, as: User) user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1 AND password IS NOT NULL", email, as: User)
if user if user
error_message = "User already exists, please sign in" error_message = "Please sign in"
next templated "error" next templated "error"
end end