From 4c58ee1273043cea15644a43e1b91fe114d14c9a Mon Sep 17 00:00:00 2001
From: David Alger
Date: Wed, 4 Nov 2015 17:26:10 -0600
Subject: [PATCH 1/2] Add reason for not logging exception; correct invalid user error message closes #2066; further details on issue page
---
 app/code/Magento/Customer/Controller/Account/LoginPost.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/code/Magento/Customer/Controller/Account/LoginPost.php b/app/code/Magento/Customer/Controller/Account/LoginPost.php
index b1b3a8b020c9a..36031956b8934 100644
--- a/app/code/Magento/Customer/Controller/Account/LoginPost.php
+++ b/app/code/Magento/Customer/Controller/Account/LoginPost.php
@@ -86,8 +86,7 @@ public function executeInternal()
 } catch (EmailNotConfirmedException $e) {
 $value = $this->customerUrl->getEmailConfirmationUrl($login['username']);
 $message = __(
- 'This account is not confirmed.' .
- ' Click here to resend confirmation email.',
+ 'This account is not confirmed. Click here to resend confirmation email.',
 $value
 );
 $this->messageManager->addError($message);
@@ -97,7 +96,8 @@ public function executeInternal()
 $this->messageManager->addError($message);
 $this->session->setUsername($login['username']);
 } catch (\Exception $e) {
- $this->messageManager->addError(__('Invalid login or password.'));
+ // PA DSS violation: throwing or logging an exception here can disclose customer password
+ $this->messageManager->addError(__('Unspecified error occured. Please contact us for assistence!'));
 }
 } else {
 $this->messageManager->addError(__('A login and a password are required.'));
From 237423202d5ae1d3b8f780afa399cd0ff6afe792 Mon Sep 17 00:00:00 2001
From: David Alger
Date: Thu, 5 Nov 2015 15:03:31 -0600
Subject: [PATCH 2/2] Fixed failing unit test
---
 app/code/Magento/Customer/Controller/Account/LoginPost.php | 4 +++-
 .../Customer/Test/Unit/Controller/Account/LoginPostTest.php | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
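Review bot: The comment added in the `catch (\Exception $e)` branch of LoginPost.php (hunk `-97,7 +96,8` of patch 1/2) reads as if this branch were itself the PA-DSS violation, and it does not say how the password would leak. PHP exception traces record call arguments, so a logged or rethrown `$e` can presumably carry the password handed to the authentication call; wording such as `// Do not log or rethrow $e: its stack trace can contain the submitted password (PA-DSS).` states the constraint directly. Discarding `$e` entirely also leaves operators with no record that the login path failed, so consider recording only `get_class($e)` through whatever logger this controller already has, never the message or the trace. The same comment is carried unchanged as context in patch 2/2, and `executeInternal()` starts and ends outside the hunk.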
diff --git a/app/code/Magento/Customer/Controller/Account/LoginPost.php b/app/code/Magento/Customer/Controller/Account/LoginPost.php
index 36031956b8934..df2b3be78ef50 100644
--- a/app/code/Magento/Customer/Controller/Account/LoginPost.php
+++ b/app/code/Magento/Customer/Controller/Account/LoginPost.php
@@ -97,7 +97,9 @@ public function executeInternal()
 $this->session->setUsername($login['username']);
 } catch (\Exception $e) {
 // PA DSS violation: throwing or logging an exception here can disclose customer password
- $this->messageManager->addError(__('Unspecified error occured. Please contact us for assistence!'));
+ $this->messageManager->addError(
+ __('An unspecified error occurred. Please contact us for assistance.')
+ );
 }
 } else {
 $this->messageManager->addError(__('A login and a password are required.'));
diff --git a/app/code/Magento/Customer/Test/Unit/Controller/Account/LoginPostTest.php b/app/code/Magento/Customer/Test/Unit/Controller/Account/LoginPostTest.php
index ca9a975b7cd61..9a71d5b897f90 100644
--- a/app/code/Magento/Customer/Test/Unit/Controller/Account/LoginPostTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Controller/Account/LoginPostTest.php
@@ -423,7 +423,7 @@ protected function mockExceptions($exception, $username)
 case '\Exception':
 $this->messageManager->expects($this->once())
 ->method('addError')
- ->with(__('Invalid login or password.'))
+ ->with(__('An unspecified error occurred. Please contact us for assistance.'))
 ->willReturnSelf();
 break;
 }
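Review bot: The `'\Exception'` case in `mockExceptions()` (LoginPostTest.php, hunk `-423,7 +423,7`) pins only the user-facing string, so the property the controller comment depends on, that the caught exception is never written to a log, remains untested. If this test case has a logger mock, an expectation that it is never called in this case would catch a later change that starts logging `$e`; the hunk does not show whether one exists. The message literal is also duplicated between controller and test, which appears to be why patch 1/2 left the test failing. `mockExceptions()` starts and ends outside the hunk.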