authorjessib <jessib@riseup.net>2013-09-23 10:30:45 -0700
committerjessib <jessib@riseup.net>2013-09-23 10:30:45 -0700
commitc081062ea16526dfbf3ad9ba0fdec724be67949c (patch)
tree6ee250187fc2b8b186a87cf2990512d7d9404eaa
parent890c9e170fc038eccb46eca3c1ddcf6f05eaa53f (diff)
parent80bcb7d273395af614730024e21a92a1c568228d (diff)
Merge pull request #87 from azul/feature/srp-without-sessions
security fix: clear srp data from db asap (#3686)
-rw-r--r--users/lib/warden/strategies/secure_remote_password.rb1
1 files changed, 1 insertions, 0 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 4688fcd..2c334c6 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -31,6 +31,7 @@ module Warden
Rails.logger.warn "Login attempt failed."
Rails.logger.debug debug_info
Rails.logger.debug "Received: #{params['client_auth']}"
+ session.delete(:handshake)
fail!(:base => "invalid_user_pass")
end
end
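Review bot: The handshake is cleared only on this failed-login branch, and only after the three logger calls, so the hunk does not show it being cleared on any other exit from the method (the success path, or an exception raised before this line). If the handshake is read from the session earlier in this method, which starts outside the hunk, taking it out at that point with `handshake = session.delete(:handshake)` would clear it on every path. Separately, the neighbouring `Rails.logger.debug debug_info` and the `client_auth` debug line may write to the log the same SRP values that this commit removes from the session store; the contents of `debug_info` are not visible here, so that is worth confirming. A short comment such as `# drop SRP handshake state so it does not outlive a failed attempt` would record why the delete is there.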