From c42828b36c81fce2a10bbba54c5af033207e8ee0 Mon Sep 17 00:00:00 2001 From: OmarAyo Date: Thu, 5 Nov 2020 00:14:39 +0000 Subject: [PATCH 1/2] In case of an invalid login request, a generic error message will be printed in alpha logs --- edgraph/access_ee.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/edgraph/access_ee.go b/edgraph/access_ee.go index b82de85b57b..66314951dbc 100644 --- a/edgraph/access_ee.go +++ b/edgraph/access_ee.go @@ -138,7 +138,7 @@ func (s *Server) authenticateLogin(ctx context.Context, request *api.LoginReques if user == nil { return nil, errors.Errorf("unable to authenticate through refresh token: "+ - "user not found for id %v", userId) + "invalid username or password") } glog.Infof("Authenticated user %s through refresh token", userId) @@ -155,10 +155,10 @@ func (s *Server) authenticateLogin(ctx context.Context, request *api.LoginReques if user == nil { return nil, errors.Errorf("unable to authenticate through password: "+ - "user not found for id %v", request.Userid) + "invalid username or passowrd") } if !user.PasswordMatch { - return nil, errors.Errorf("password mismatch for user: %v", request.Userid) + return nil, errors.Errorf("invalid username or password") } return user, nil } From 9fdc50398054fe2c46a98e61073eae93fac45fd3 Mon Sep 17 00:00:00 2001 From: OmarAyo Date: Thu, 5 Nov 2020 12:11:08 +0000 Subject: [PATCH 2/2] used x.ErrorInvalidLogin per Ibrahim's suggestion --- edgraph/access_ee.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/edgraph/access_ee.go b/edgraph/access_ee.go index 66314951dbc..c4f1ed1bfc6 100644 --- a/edgraph/access_ee.go +++ b/edgraph/access_ee.go @@ -158,7 +158,7 @@ func (s *Server) authenticateLogin(ctx context.Context, request *api.LoginReques "invalid username or passowrd") } if !user.PasswordMatch { - return nil, errors.Errorf("invalid username or password") + return nil, x.ErrorInvalidLogin } return user, nil }