Normalize userpass errors around bad user/pass

2016-03-16 15:19:55 -04:00 · 2016-03-16 15:19:55 -04:00 · 77e4ee76bb
parent 8a3f1ad13e
commit 77e4ee76bb
1 changed files with 3 additions and 3 deletions
--- a/builtin/credential/userpass/path_login.go
+++ b/builtin/credential/userpass/path_login.go
@ -49,7 +49,7 @@ func (b *backend) pathLogin(
 		return nil, err
 	}
 	if user == nil {
-		return logical.ErrorResponse("username does not exist"), nil
+		return logical.ErrorResponse("invalid username or password"), nil
 	}

 	// Check for a password match. Check for a hash collision for Vault 0.2+,
@ -57,11 +57,11 @@ func (b *backend) pathLogin(
 	passwordBytes := []byte(password)
 	if user.PasswordHash != nil {
 		if err := bcrypt.CompareHashAndPassword(user.PasswordHash, passwordBytes); err != nil {
-			return logical.ErrorResponse("unknown username or password"), nil
+			return logical.ErrorResponse("invalid username or password"), nil
 		}
 	} else {
 		if subtle.ConstantTimeCompare([]byte(user.Password), passwordBytes) != 1 {
-			return logical.ErrorResponse("unknown username or password"), nil
+			return logical.ErrorResponse("invalid username or password"), nil
 		}
 	}