Roundcube Community Forum

 

Problem with error message $args['error']

Started by nixe, May 30, 2014, 02:11:12 AM

Previous topic - Next topic

nixe

We've made our own login plugin, but now we have a problem.
When we check authentication there's mainly two possibilities when you need to give error message, case 1. Username is correct, but password is wrong, case 2. Username and password is wrong

In case 1 Roundcube gives error message "Login failed." that's fine.
But in case 2 Roundcube gives error message "Invalid request! No data was saved.", that's not fine, because you can find out existing accounts that way.

In documentation there's said that when I define $args['abort'] = true I also should define $args['error'] as error message shown. But this doesn't work in version 1.0.1 (don't know others). I've even tried to give error and abort in very beginning of plugin, but not working, always give that Invalid request error.

So my question is, how can I print my own error message while using own login plugin?

JohnDoh

I guess you are using the `authenticate` hook in your plugin?

QuoteIn case 1 Roundcube gives error message "Login failed." that's fine.
But in case 2 Roundcube gives error message "Invalid request! No data was saved.", that's not fine, because you can find out existing accounts that way.

I think its your plugin doing that, normal behaviour is to get "login failed" for both.

In your plugin are you setting the `valid` arg to false? if so that thats what is doing it, if you set it to true then RC should display your custom error message (or the normal on).

The `valid` arg relates to if the request itself is valid not the data entered.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more...

nixe

Quote from: JohnDoh on May 30, 2014, 03:10:30 AM
I guess you are using the `authenticate` hook in your plugin?

I think its your plugin doing that, normal behaviour is to get "login failed" for both.

In your plugin are you setting the `valid` arg to false? if so that thats what is doing it, if you set it to true then RC should display your custom error message (or the normal on).

The `valid` arg relates to if the request itself is valid not the data entered.
You're guessing right, and yes that works. Thanks!  :D