From aeb02720f2d3c7b9da0c00c56aa214c99ce76273 Mon Sep 17 00:00:00 2001
From: Max
Date: Thu, 14 Aug 2014 00:23:42 -0600
Subject: [PATCH] Genericize invalid username or password message https://github.com/meanjs/mean/issues/133 The message given to the user upon an invalid login attempt, for security reasons, should not reveal that the username or password was incorrect. Rather, a generic message should be displayed when the username or password is incorrect.
---
 config/strategies/local.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/strategies/local.js b/config/strategies/local.js
index 5471473df2..ad56052422 100644
--- a/config/strategies/local.js
+++ b/config/strategies/local.js
@@ -22,12 +22,12 @@ module.exports = function() {
 }
 if (!user) {
 return done(null, false, {
- message: 'Unknown user'
+ message: 'Unknown user or invalid password'
 });
 }
 if (!user.authenticate(password)) {
 return done(null, false, {
- message: 'Invalid password'
+ message: 'Unknown user or invalid password'
 });
 }
 
@@ -35,4 +35,4 @@ module.exports = function() {
 });
 }
 ));
-};
\ No newline at end of file
+};
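Review bot: The two failure branches in the first hunk now return the same text but remain separate code paths, and the `if (!user)` branch returns before `user.authenticate(password)` runs, so response time may still indicate whether a username exists (the cost of `authenticate` is not visible in this hunk). Collapsing them into one check, `if (!user || !user.authenticate(password)) {` with a single `message: 'Unknown user or invalid password'`, would keep the two strings from drifting apart in a later edit. If `authenticate` performs a slow password hash, the missing-user path should run an equivalent dummy hash before returning so that both outcomes cost about the same. The enclosing callback starts above the hunk, and other flows such as sign-up or password reset are not shown here and should be checked for the same disclosure.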