Merge branch 'bugfix/3410-close-srp-vulnerablility'

author: Azul <azul@leap.se> 2013-08-08 14:26:10 +0200
committer: Azul <azul@leap.se> 2013-08-08 14:26:10 +0200
commit: 31441fc921c3a60bff7c606f1da343fdd62d80d5 (patch)
tree: 3526360311a2fc2c3194480b50a397c5fe8e2840 /users/lib
parent: 1a3fdad01d9cb2e2596281d38ce0c0f1ad4da04a (diff)
parent: a0b276e4b8ae86dec7deee898e85b65784d89933 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 2c681be..4688fcd 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -49,6 +49,8 @@ module Warden
         else
           fail! :base => 'invalid_user_pass'
         end
+      rescue SRP::InvalidEphemeral
+        fail!(:base => "invalid_ephemeral")
       end
 
       def json_response(object)
author	Azul <azul@leap.se>	2013-08-08 14:26:10 +0200
committer	Azul <azul@leap.se>	2013-08-08 14:26:10 +0200
commit	31441fc921c3a60bff7c606f1da343fdd62d80d5 (patch)
tree	3526360311a2fc2c3194480b50a397c5fe8e2840 /users/lib
parent	1a3fdad01d9cb2e2596281d38ce0c0f1ad4da04a (diff)
parent	a0b276e4b8ae86dec7deee898e85b65784d89933 (diff)