Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Fix Warning: empty password message #12836

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix Warning: empty password message #12836

wants to merge 1 commit into from

Conversation

JakubSzczesniak
Copy link
Contributor

No description provided.

@javiereguiluz javiereguiluz requested a review from wouterj January 2, 2020 14:41
HeahDude
HeahDude reviewed Jan 17, 2020
View reviewed changes
Copy link
Contributor

@HeahDude HeahDude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consistent with the current example.

But I wonder if we should keep the rest as is, Email could not be found. does not look like a safe message to me, although I don't have any suggestion for something safer, other than the basic Invalid credentials.

@wouterj
Copy link
Member

wouterj commented Jan 19, 2020
edited
Loading

I believe this relates to a long standing bug that has been fixed in all maintained Symfony versions in december: symfony/symfony#34779

Since that fix, UserPasswordEncoder::isPassworldValid() returns false if the password is null. This means that the original code in this PR would return "Invalid credentials". I would not want people to think that they explicitly have to check null passwords if Symfony is already doing that for them. So I'm going to close this PR.

Feel free to comment if there is another reason you added this condition or something else I've missed. We can always reopen this PR :)

Thanks for your time to improve the docs!

@wouterj wouterj closed this Jan 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HeahDude HeahDude HeahDude left review comments

@javiereguiluz javiereguiluz javiereguiluz approved these changes

@wouterj wouterj Awaiting requested review from wouterj

Assignees
No one assigned
Labels
Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@JakubSzczesniak @wouterj @javiereguiluz @HeahDude @carsonbot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.