Prevent logging passwords in failed login attempts

This commit is contained in:
Maciej Ziarkowski 2019-09-10 15:38:01 +01:00
parent 1c1e8df704
commit d14c4ce671

View File

@ -2,6 +2,8 @@
* User data access
*
*/
import { errors } from 'pg-promise';
import db from '../../db';
function createUser(user) {
@ -64,8 +66,12 @@ function authUser(username, password) {
return { error: 'Username or password not recognised' }
}
}).catch(function (err) {
console.error(err);
return { error: 'Username or password not recognised' };
if (err instanceof errors.QueryResultError) {
console.error(`Authentication failed for user ${username}`);
return { error: 'Username or password not recognised' };
}
console.error('Error:', err);
return { error: 'Database error' };
})
}