Merge pull request #87 from azul/feature/srp-without-sessions

security fix: clear srp data from db asap (#3686)
author: jessib <jessib@riseup.net> 2013-09-23 10:30:45 -0700
committer: jessib <jessib@riseup.net> 2013-09-23 10:30:45 -0700
commit: c081062ea16526dfbf3ad9ba0fdec724be67949c (patch)
tree: 6ee250187fc2b8b186a87cf2990512d7d9404eaa
parent: 890c9e170fc038eccb46eca3c1ddcf6f05eaa53f (diff)
parent: 80bcb7d273395af614730024e21a92a1c568228d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 4688fcd..2c334c6 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -31,6 +31,7 @@ module Warden
           Rails.logger.warn "Login attempt failed."
           Rails.logger.debug debug_info
           Rails.logger.debug "Received: #{params['client_auth']}"
+          session.delete(:handshake)
           fail!(:base => "invalid_user_pass")
         end
       end
author	jessib <jessib@riseup.net>	2013-09-23 10:30:45 -0700
committer	jessib <jessib@riseup.net>	2013-09-23 10:30:45 -0700
commit	c081062ea16526dfbf3ad9ba0fdec724be67949c (patch)
tree	6ee250187fc2b8b186a87cf2990512d7d9404eaa
parent	890c9e170fc038eccb46eca3c1ddcf6f05eaa53f (diff)
parent	80bcb7d273395af614730024e21a92a1c568228d (diff)