author | jessib <jessib@riseup.net> | 2013-09-23 10:30:45 -0700 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-09-23 10:30:45 -0700 |
commit | c081062ea16526dfbf3ad9ba0fdec724be67949c (patch) | |
tree | 6ee250187fc2b8b186a87cf2990512d7d9404eaa | |
parent | 890c9e170fc038eccb46eca3c1ddcf6f05eaa53f (diff) | |
parent | 80bcb7d273395af614730024e21a92a1c568228d (diff) |
Merge pull request #87 from azul/feature/srp-without-sessions
security fix: clear srp data from db asap (#3686)
-rw-r--r-- | users/lib/warden/strategies/secure_remote_password.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 4688fcd..2c334c6 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -31,6 +31,7 @@ module Warden Rails.logger.warn "Login attempt failed." Rails.logger.debug debug_info Rails.logger.debug "Received: #{params['client_auth']}" + session.delete(:handshake) fail!(:base => "invalid_user_pass") end end |
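Review bot: the new `session.delete(:handshake)` sits after the three `Rails.logger` calls in the failure branch, so an exception raised while building `debug_info` or interpolating `params['client_auth']` would skip it and leave the handshake in the session. Move the delete to the first line of the branch, or put it in an `ensure`, so the cleanup does not depend on logging succeeding. The visible context only covers the path that ends in `fail!(:base => "invalid_user_pass")`; since the commit message aims to clear SRP data as soon as possible, confirm that the success path and any other exit from this strategy also remove `:handshake`. Separately, the unchanged line `Rails.logger.debug "Received: #{params['client_auth']}"` writes client-supplied authentication data to the log on every failed attempt; consider dropping it or logging only its length.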