authorAzul <azul@leap.se>2013-09-23 10:20:02 +0200
committerAzul <azul@leap.se>2013-09-23 11:38:20 +0200
commit80bcb7d273395af614730024e21a92a1c568228d (patch)
tree6ee250187fc2b8b186a87cf2990512d7d9404eaa /users
parent890c9e170fc038eccb46eca3c1ddcf6f05eaa53f (diff)
security fix: clear srp data from db asap (#3686)
This is a quick fix for iSEC issue #13.
Diffstat (limited to 'users')
-rw-r--r--users/lib/warden/strategies/secure_remote_password.rb1
1 files changed, 1 insertions, 0 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 4688fcd..2c334c6 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -31,6 +31,7 @@ module Warden
Rails.logger.warn "Login attempt failed."
Rails.logger.debug debug_info
Rails.logger.debug "Received: #{params['client_auth']}"
+ session.delete(:handshake)
fail!(:base => "invalid_user_pass")
end
end
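Review bot: The added `session.delete(:handshake)` runs only after the three logger calls in this failure branch, so an exception raised while building `debug_info` or interpolating `params['client_auth']` would skip it and leave the SRP handshake state in the session store. Making it the first statement of the branch would close that gap, with a comment such as `# drop SRP handshake state so it does not persist in the session store` to record why it is there. The enclosing method starts outside this hunk, so it is worth confirming that the success path and any other early exits clear the same key. Separately, `debug_info` and the `Received:` line may already have written handshake-related values to the log at debug level, and deleting the session entry does not remove those copies.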