mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
56fdc40290
Now, /verify can return 401 or 403 depending on the user authentication. Every public API endpoints and pages return 200 with error message in JSON body or 401 if the user is not authorized. This policy makes it complicated for an attacker to know what is the source of the failure and hide server-side bugs (not returning 500), bugs being potential threats.
23 lines
1.3 KiB
TypeScript
23 lines
1.3 KiB
TypeScript
|
|
export const AUTHENTICATION_FAILED = "Authentication failed. Please check your credentials.";
|
|
export const AUTHENTICATION_SUCCEEDED = "Authentication succeeded. You can now access your services.";
|
|
|
|
export const AUTHENTICATION_U2F_FAILED = "Authentication failed. Have you already registered your device?";
|
|
export const AUTHENTICATION_TOTP_FAILED = "Authentication failed. Have you already registered your secret?";
|
|
|
|
export const U2F_TRANSACTION_FINISH_FAILED = "U2F validation failed unexpectedly.";
|
|
export const PLEASE_TOUCH_TOKEN = "Please touch the token on your U2F device.";
|
|
|
|
export const REGISTRATION_U2F_FAILED = "Registration of U2F device failed.";
|
|
|
|
export const DIFFERENT_PASSWORDS = "The passwords are different.";
|
|
export const MISSING_PASSWORD = "You must enter your password twice.";
|
|
export const RESET_PASSWORD_FAILED = "An error occurred during password reset. Your password has not been changed.";
|
|
|
|
// Password reset request
|
|
export const MISSING_USERNAME = "You must provide your username to reset your password.";
|
|
export const MAIL_SENT = "An email has been sent to you. Follow the link to change your password.";
|
|
export const MAIL_NOT_SENT = "The email cannot be sent. Please retry in few minutes.";
|
|
|
|
export const UNAUTHORIZED_OPERATION = "You are not allowed to perform this operation.";
|
|
export const OPERATION_FAILED = "Operation failed."; |