From a0b276e4b8ae86dec7deee898e85b65784d89933 Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 7 Aug 2013 18:09:20 +0200
Subject: close srp vulnerability and report error in webapp
---
 users/lib/warden/strategies/secure_remote_password.rb | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'users/lib/warden')
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 2c681be..4688fcd 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -49,6 +49,8 @@ module Warden
 else
 fail! :base => 'invalid_user_pass'
 end
+ rescue SRP::InvalidEphemeral
+ fail!(:base => "invalid_ephemeral")
 end
 def json_response(object)
-- cgit v1.2.3
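Review bot: The new `rescue SRP::InvalidEphemeral` branch turns the rejection into a client-facing `invalid_ephemeral` failure but leaves no server-side trace. A rejected ephemeral is a stronger signal than a mistyped password, since a conforming SRP client presumably never sends one. I would log it before `fail!`, as a warning through the app's existing logger that names the login and remote address, so repeated attempts can be alerted on. A one-line comment such as `# raised when the client's ephemeral fails SRP validation; must never reach session setup` would also record why the rescue exists. The enclosing method starts above the hunk, so which call raises the exception, and whether handshake state stored earlier needs clearing on this path, cannot be confirmed from here.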