security fix: clear srp data from db asap (#3686)

This is a quick fix for iSEC issue #13.
author: Azul <azul@leap.se> 2013-09-23 10:20:02 +0200
committer: Azul <azul@leap.se> 2013-09-23 11:38:20 +0200
commit: 80bcb7d273395af614730024e21a92a1c568228d (patch)
tree: 6ee250187fc2b8b186a87cf2990512d7d9404eaa
parent: 890c9e170fc038eccb46eca3c1ddcf6f05eaa53f (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 4688fcd..2c334c6 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -31,6 +31,7 @@ module Warden
           Rails.logger.warn "Login attempt failed."
           Rails.logger.debug debug_info
           Rails.logger.debug "Received: #{params['client_auth']}"
+          session.delete(:handshake)
           fail!(:base => "invalid_user_pass")
         end
       end
author	Azul <azul@leap.se>	2013-09-23 10:20:02 +0200
committer	Azul <azul@leap.se>	2013-09-23 11:38:20 +0200
commit	80bcb7d273395af614730024e21a92a1c568228d (patch)
tree	6ee250187fc2b8b186a87cf2990512d7d9404eaa
parent	890c9e170fc038eccb46eca3c1ddcf6f05eaa53f (diff)