From d14c4ce67136ccd902292404952854bbc6d19f03 Mon Sep 17 00:00:00 2001
From: Maciej Ziarkowski
Date: Tue, 10 Sep 2019 15:38:01 +0100
Subject: [PATCH] Prevent logging passwords in failed login attempts
---
 app/src/api/services/user.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/app/src/api/services/user.ts b/app/src/api/services/user.ts
index 0e471aa4..fff45010 100644
--- a/app/src/api/services/user.ts
+++ b/app/src/api/services/user.ts
@@ -2,6 +2,8 @@
 * User data access
 *
 */
+import { errors } from 'pg-promise';
+
 import db from '../../db';
 
 function createUser(user) {
@@ -64,8 +66,12 @@ function authUser(username, password) {
 return { error: 'Username or password not recognised' }
 }
 }).catch(function (err) {
- console.error(err);
- return { error: 'Username or password not recognised' };
+ if (err instanceof errors.QueryResultError) {
+ console.error(`Authentication failed for user ${username}`);
+ return { error: 'Username or password not recognised' };
+ }
+ console.error('Error:', err);
+ return { error: 'Database error' };
 })
 }
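Review bot: The fallback branch in the second hunk still dumps the whole error object with `console.error('Error:', err);`, so any non-`QueryResultError` that carries the query text or its bound values would put the submitted password back in the log. Which error types carry those values is not visible from this hunk, so logging selected fields is the safer default, e.g. `console.error('Error:', err.name, err.message);`. The new `QueryResultError` branch also interpolates the caller-supplied `username` into the log line unescaped, which allows CR/LF log forging and records whatever was typed into that field, including a password entered there by mistake. Consider `console.error(`Authentication failed for user ${JSON.stringify(username)}`);`, or log a stable user identifier instead. The body of `authUser` starts above the hunk, so the query and the values it binds cannot be checked from here.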