[GitHub] [apisix] liangliang4ward commented on a change in pull request #6707: fix: hidding real message when password or username is error
liangliang4ward commented on a change in pull request #6707:
URL: https://github.com/apache/apisix/pull/6707#discussion_r835761511
##
File path: apisix/plugins/basic-auth.lua
##
@@ -167,14 +167,14 @@ function _M.rewrite(conf, ctx)
-- 3. check user exists
local cur_consumer = consumers[username]
if not cur_consumer then
-return 401, { message = "Invalid user key in authorization" }
+return 401, { message = "Invalid password or username" }
end
core.log.info("consumer: ", core.json.delay_encode(cur_consumer))
-- 4. check the password is correct
if cur_consumer.auth_conf.password ~= password then
-return 401, { message = "Password is error" }
+return 401, { message = "Invalid password or username" }
Review comment:
done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] liangliang4ward commented on a change in pull request #6707: fix: hidding real message when password or username is error
liangliang4ward commented on a change in pull request #6707:
URL: https://github.com/apache/apisix/pull/6707#discussion_r835761390
##
File path: apisix/plugins/basic-auth.lua
##
@@ -167,14 +167,14 @@ function _M.rewrite(conf, ctx)
-- 3. check user exists
local cur_consumer = consumers[username]
if not cur_consumer then
-return 401, { message = "Invalid user key in authorization" }
+return 401, { message = "Invalid password or username" }
Review comment:
done. unify "Invalid user authorization"
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] liangliang4ward commented on a change in pull request #6707: fix: hidding real message when password or username is error
liangliang4ward commented on a change in pull request #6707:
URL: https://github.com/apache/apisix/pull/6707#discussion_r835761496
##
File path: apisix/plugins/ldap-auth.lua
##
@@ -152,7 +152,7 @@ function _M.rewrite(conf, ctx)
create_consumer_cache, consumer_conf)
local consumer = consumers[userdn]
if not consumer then
-return 401, {message = "Invalid API key in request"}
+return 401, {message = "Invalid password or username"}
Review comment:
done. unify to " Invalid user authorization"
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
