Merge pull request #418 from mz8i/feature/415-no-password-log

Prevent logging passwords in failed login attempts
2019-09-30 12:07:46 +01:00 · 2019-09-30 12:07:46 +01:00 · 37278fd639
commit 37278fd639
parent 4ba7d99737 d14c4ce671
1 changed files with 8 additions and 2 deletions
--- a/app/src/api/services/user.ts
+++ b/app/src/api/services/user.ts
@ -2,6 +2,8 @@
 * User data access
 *
 */
+import { errors } from 'pg-promise';
+
 import db from '../../db';

 function createUser(user) {
@ -64,8 +66,12 @@ function authUser(username, password) {
            return { error: 'Username or password not recognised' }
        }
    }).catch(function (err) {
-        console.error(err);
-        return { error: 'Username or password not recognised' };
+        if (err instanceof errors.QueryResultError) {
+            console.error(`Authentication failed for user ${username}`);
+            return { error: 'Username or password not recognised' };
+        }
+        console.error('Error:', err);
+        return { error: 'Database error' }; 
    })
 }