From 80bcb7d273395af614730024e21a92a1c568228d Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 23 Sep 2013 10:20:02 +0200
Subject: security fix: clear srp data from db asap (#3686)

This is a quick fix for iSEC issue #13.
---
 users/lib/warden/strategies/secure_remote_password.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 4688fcd..2c334c6 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -31,6 +31,7 @@ module Warden
 Rails.logger.warn "Login attempt failed."
 Rails.logger.debug debug_info
 Rails.logger.debug "Received: #{params['client_auth']}"
+ session.delete(:handshake)
 fail!(:base => "invalid_user_pass")
 end
 end
--
cgit v1.2.3
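Review bot: The added `session.delete(:handshake)` runs only on the failure branch, so the SRP handshake state is still left in the session store after a login attempt that succeeds or that raises before reaching `fail!`; the success branch and the start of the enclosing method are outside this hunk, so whether they clear it cannot be confirmed from here. Since the commit's stated goal is to get the SRP data out of the (presumably DB-backed) session as soon as possible, the more robust form is to remove it at the point it is consumed, `handshake = session.delete(:handshake)` where the method first reads `session[:handshake]`, making the cleanup independent of the outcome and of any exception raised during verification. The unchanged debug line just above the insertion still writes `params['client_auth']`, the client's proof value, to the log, which is worth keeping out of production logging. The enclosing method begins and ends outside the hunk.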