Use same string on failed login regardless of whether account exists when in paranoid mode #4763

Closed
JasonBarnabe opened this issue Jan 25, 2018 · 2 comments
@JasonBarnabe

Previously reported in #4568. devise is using devise.failure.invalid when you attempt to log in with an existing identifier but a wrong password, while it uses devise.failure.not_found_in_database when the identifier does not exist. In the default en.yml provided by devise, these strings are the same, but if you are using a different localization file, they may not be (see tigrish/devise-i18n#223).

If you have enabled paranoid mode, the same localization key should be used for both cases.
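
A check for the divergence described in the issue above, as an added example (not part of the original issue and not Devise's own code): it compares the two failure strings per locale and reports any locale where they differ or where one is absent, since a fallback text may not match. The helper name and the sample locale data are constructed for illustration.

```ruby
require 'yaml'

# Keys named in the issue: Devise uses the first for a wrong password on an
# existing identifier and the second when the identifier does not exist.
FAILURE_KEYS = %w[invalid not_found_in_database].freeze

# Constructed sample locale data; "xx" and "yy" are made-up locales.
SAMPLE_LOCALES = <<~'LOCALES'
  en:
    devise:
      failure:
        invalid: "Invalid %{authentication_keys} or password."
        not_found_in_database: "Invalid %{authentication_keys} or password."
  xx:
    devise:
      failure:
        invalid: "Wrong password for this account."
        not_found_in_database: "No account with that %{authentication_keys}."
  yy:
    devise:
      failure:
        invalid: "Invalid %{authentication_keys} or password."
LOCALES

# Hypothetical helper: returns { locale => reason } for every locale whose
# failed-login text would reveal whether the account exists. The comparison is
# exact, because any visible difference (even case or punctuation) is a signal.
def failure_message_findings(yaml_text)
  YAML.safe_load(yaml_text).each_with_object({}) do |(locale, tree), findings|
    failure = (tree || {}).dig('devise', 'failure') || {}
    missing = FAILURE_KEYS.select { |key| failure[key].nil? }
    if missing.any?
      findings[locale] = "missing #{missing.join(', ')}"
    elsif FAILURE_KEYS.map { |key| failure[key] }.uniq.size > 1
      findings[locale] = 'messages differ'
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  failure_message_findings(SAMPLE_LOCALES).each do |locale, reason|
    puts "#{locale}: #{reason}"
  end
end
```
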

@tegon
Member

tegon commented Mar 14, 2018

I haven't understood what the problem was on the previous issue, but now I do 😅. Thanks, @JasonBarnabe.
This change seems reasonable to me, but I think we would have to do it in a major version since it isn't backward compatible.
Would you be willing to work on this?

@tegon
Member

tegon commented May 9, 2018

Closed via #4854

@tegon tegon closed this as completed May 9, 2018