author | Azul <azul@leap.se> | 2013-09-23 10:20:02 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2013-09-23 11:38:20 +0200 |
commit | 80bcb7d273395af614730024e21a92a1c568228d (patch) | |
tree | 6ee250187fc2b8b186a87cf2990512d7d9404eaa | |
parent | 890c9e170fc038eccb46eca3c1ddcf6f05eaa53f (diff) |
security fix: clear srp data from db asap (#3686)
This is a quick fix for iSEC issue #13.
-rw-r--r-- | users/lib/warden/strategies/secure_remote_password.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 4688fcd..2c334c6 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -31,6 +31,7 @@ module Warden Rails.logger.warn "Login attempt failed." Rails.logger.debug debug_info Rails.logger.debug "Received: #{params['client_auth']}" + session.delete(:handshake) fail!(:base => "invalid_user_pass") end end |
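Review bot: The added `session.delete(:handshake)` sits only in the failed-login branch, just before `fail!(:base => "invalid_user_pass")`, and the success path is not visible in this hunk. Confirm that the handshake is also removed from the session once a handshake has been validated successfully, otherwise the SRP data stays in the stored session for every login that works. The two `Rails.logger.debug` lines directly above the new line still write `debug_info` and `params['client_auth']` to the log; if `debug_info` carries handshake state, the data cleared from the session survives in log files wherever debug logging is enabled, so consider trimming those lines to non-sensitive fields. The commit changes this one file only, so a test asserting that `session[:handshake]` is nil after a failed attempt would keep the fix from regressing.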