authelia/internal/authentication
James Elliott e95c6a294d
[HOTFIX] Prevent Username Enumeration (#950)
* [HOTFIX] Prevent Username Enumeration

* thanks to TheHllm for identifying the bug: https://github.com/TheHllm
* temporarily prevents username enumeration with file auth
* proper calculated and very slightly random fix to come

* closely replicate behaviour

* allow error to bubble up

* Synchronize security documentation.

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-02 00:32:09 +02:00
..
const.go [MISC] Implement golint recommendations (#885) 2020-04-20 23:03:38 +02:00
file_user_provider_test.go [HOTFIX] Prevent Username Enumeration (#950) 2020-05-02 00:32:09 +02:00
file_user_provider.go [HOTFIX] Prevent Username Enumeration (#950) 2020-05-02 00:32:09 +02:00
ldap_connection_factory_mock.go [MISC] Update durations to notation format and housekeeping (#824) 2020-04-05 22:37:21 +10:00
ldap_connection_factory.go [MISC] Implement golint recommendations (#885) 2020-04-20 23:03:38 +02:00
ldap_user_provider_test.go [MISC] Ignore errcheck recommendations for legacy code (#893) 2020-04-22 13:33:14 +10:00
ldap_user_provider.go [HOTFIX] Prevent Username Enumeration (#950) 2020-05-02 00:32:09 +02:00
password_hash_test.go [BUGFIX] Password hashing schema map mismatch with docs (#852) 2020-04-11 13:54:18 +10:00
password_hash.go [HOTFIX] Prevent Username Enumeration (#950) 2020-05-02 00:32:09 +02:00
types.go [BUGFIX] [BREAKING] Set username retrieved from authentication backend in session. (#687) 2020-03-15 18:10:25 +11:00
user_provider.go Move source code into internal directory to follow standard project layout. 2019-11-17 16:30:33 +01:00