From a0b276e4b8ae86dec7deee898e85b65784d89933 Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 7 Aug 2013 18:09:20 +0200
Subject: close srp vulnerability and report error in webapp
---
 users/config/locales/en.yml | 1 +
 1 file changed, 1 insertion(+)
(limited to 'users/config/locales/en.yml')
diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml
index 1aa7005..62f822c 100644
--- a/users/config/locales/en.yml
+++ b/users/config/locales/en.yml
@@ -12,6 +12,7 @@ en:
 change_password: "Change Password"
 login_message: "Please log in with your account."
 invalid_user_pass: "Not a valid username/password combination"
+ invalid_ephemeral: "Invalid random key used. This looked like an attempt to hack the site to us. If it wasn't please contact support so we can look into the issue."
 all_strategies_failed: "Could not understand your login attempt. Please first send your login and a SRP ephemeral value A and then send the client_auth in the same session (using cookies)."
 update_login_and_password: "Update Login and Password"
 destroy_my_account: "Destroy my account"
-- cgit v1.2.3
From c073099f0283492b30e702d833721206ab9986cc Mon Sep 17 00:00:00 2001
From: jessib
Date: Mon, 19 Aug 2013 10:30:00 -0700
Subject: Change JS warning message per https://leap.se/code/issues/3492 Key must end in _html so the html doesn't get escaped.
---
 users/config/locales/en.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'users/config/locales/en.yml')
diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml
index 62f822c..55ba3a1 100644
--- a/users/config/locales/en.yml
+++ b/users/config/locales/en.yml
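Review bot: The added `invalid_ephemeral` string in the `@@ -12,6 +12,7 @@` hunk of the first commit (a0b276e) is hard to read: "This looked like an attempt to hack the site to us" misplaces "to us", and "If it wasn't please" is missing a comma. Something like `invalid_ephemeral: "Invalid random key used. To us this looked like an attempt to attack the site. If it was not, please contact support so we can look into the issue."` says the same thing more clearly. The patch shown is limited to en.yml, so it cannot be checked from here whether the rejected ephemeral value is also logged server-side; support can only follow up on such reports if it is.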
@@ -32,7 +32,7 @@ en:
 not_authorized_login: "Please log in to perform that action."
 search: "Search"
 cookie_disabled_warning: "You have cookies disabled. You will not be able to login until you enable cookies."
- js_required: "We are sorry, but this doesn't work without javascript enabled. This is for security reasons."
+ js_required_html: "We are sorry, but this doesn't work without javascript enabled. This is because the authentication system used, SRP, requires javascript."
 enable_account: "Enable the account %{username}"
 enable_description: "This will restore the account to full functionality"
 deactivate_account: "Deactivate the account %{username}"
-- cgit v1.2.3
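Review bot: Renaming the key to `js_required_html` opts this string out of HTML escaping in the view (as the commit message says), yet the value as shown contains no markup, so either the tags were lost in this rendering or the suffix is not needed. If markup is intended, a comment above the key such as `# *_html keys are rendered unescaped; keep the markup static` would warn translators and later editors that this text is trusted output. The views that look up `js_required` are outside this path-limited patch and presumably need to switch to the new key in the same commit, otherwise the lookup falls back to a missing-translation marker.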