Prevent logging passwords in failed login attempts

This commit is contained in:
Maciej Ziarkowski 2019-09-10 15:38:01 +01:00
parent 1c1e8df704
commit d14c4ce671

View File

@ -2,6 +2,8 @@
* User data access * User data access
* *
*/ */
import { errors } from 'pg-promise';
import db from '../../db'; import db from '../../db';
function createUser(user) { function createUser(user) {
@ -64,8 +66,12 @@ function authUser(username, password) {
return { error: 'Username or password not recognised' } return { error: 'Username or password not recognised' }
} }
}).catch(function (err) { }).catch(function (err) {
console.error(err); if (err instanceof errors.QueryResultError) {
console.error(`Authentication failed for user ${username}`);
return { error: 'Username or password not recognised' }; return { error: 'Username or password not recognised' };
}
console.error('Error:', err);
return { error: 'Database error' };
}) })
} }