Fernando, did you solve the issue? Can you share your code?
Thanks in advance

On Tuesday, June 26, 2018 at 8:45:05 PM UTC+5:30, Fernando Gómez wrote:
>
> Chia-Ying Yang Thanks for answering me. You're absolutely right, but
> specifically I need to be able to show a message when someone tries to
> access and does not have the verified account, say something like: "Check
> your email and verify your account", something like that, and when it's key
> and / or invalid user, good practices are used to simply say something
> like: "Invalid access data"
>
> In summary, please I need to know how to show a message when the account
> is not yet verified
>
> On Tuesday, June 26, 2018, 11:03:18 (UTC-3), Chia-Ying Yang wrote:
>>
>> Actually, it's considered good security practice to not be too specific
>> about authentication errors. If a hacker is using the login form, you do
>> not want the hacker to be able to tell if the username he is trying is
>> valid or not. You want to be vague so that the hacker cannot tell whether
>> the username is wrong or the password is wrong.
>>
>> See:
>> https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Authentication_Responses
>>
>> David
>>
>> On 06/26/2018 09:15 AM, Fernando Gómez wrote:
>>
>> Hi, I need to know if it is possible, take the original authentication
>> error message and show the correct message.
>> I explain myself better: I want to know if it can be detected when the
>> email is not written correctly and to make the error: "Wrong email".
>> When the password is incorrect: show incorrect password,
>> I mean to show the correct message that the service returns when a login
>> error occurs.
>> What I have achieved so far, is to take in messages.properties
>>
>> authenticationFailure.AccountNotFoundException = Invalid credentials.
>> authenticationFailure.FailedLoginException = Invalid credentials.
>>
>> but I need to be more specific with the causes, for which the error
>> occurred.
>>
>> I'm waiting
>>
>> Grateful in advance ...
>>
>> Fernando
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/27d7746e-dee8-4295-b1ff-202cb61c07e0%40apereo.org
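
The two requirements in this thread can be reconciled by keeping the unknown-user and wrong-password responses identical and revealing the "verify your account" state only after the password has matched. The sketch below is an added example, not code from the thread or from CAS; `AccountNotVerifiedException`, its message key, the in-memory user store and the `login` helper are assumptions made for illustration (Java 16+ for `record`).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.login.*;

public class LoginMessages {
    // Hypothetical exception for this example; not a CAS class.
    static class AccountNotVerifiedException extends AccountException {
        AccountNotVerifiedException(String msg) { super(msg); }
    }
    // Constructed sample users. Plaintext passwords only keep the sketch short;
    // a real store holds salted password hashes.
    record User(String password, boolean verified) {}
    static final Map<String, User> USERS = Map.of(
        "alice@example.org", new User("correct horse", true),
        "bob@example.org", new User("battery staple", false));
    // Keys follow the messages.properties pattern quoted in the thread;
    // the third key is an assumption made for this example.
    static final Map<String, String> MESSAGES = Map.of(
        "authenticationFailure.AccountNotFoundException", "Invalid credentials.",
        "authenticationFailure.FailedLoginException", "Invalid credentials.",
        "authenticationFailure.AccountNotVerifiedException",
            "Check your email and verify your account.");

    static void authenticate(String email, String password) throws LoginException {
        User user = USERS.get(email);
        if (user == null) throw new AccountNotFoundException(email);
        boolean match = MessageDigest.isEqual(
            user.password().getBytes(StandardCharsets.UTF_8),
            password.getBytes(StandardCharsets.UTF_8));
        if (!match) throw new FailedLoginException(email);
        // Checked only after the password matched, so the specific message
        // never confirms an address to someone who cannot log in as it.
        if (!user.verified()) throw new AccountNotVerifiedException(email);
    }

    static String login(String email, String password) {
        try {
            authenticate(email, password);
            return "Login successful.";
        } catch (LoginException e) {
            String key = "authenticationFailure." + e.getClass().getSimpleName();
            return MESSAGES.getOrDefault(key, "Invalid credentials.");
        }
    }

    public static void main(String[] args) {
        String[][] tries = {{"nobody@example.org", "x"}, {"bob@example.org", "wrong"},
            {"bob@example.org", "battery staple"}, {"alice@example.org", "correct horse"}};
        for (String[] t : tries) System.out.println(t[0] + " -> " + login(t[0], t[1]));
    }
}
```

Any exception without a mapped key falls back to the generic message, so a new failure type cannot become more specific by accident.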
