]> BookStack Code Mirror - bookstack/commit
projects / bookstack / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ec26e8)
Auth: Added specific guards against guest account login
authorDan Brown <redacted>
Wed, 11 Dec 2024 14:22:48 +0000 (14:22 +0000)
committerDan Brown <redacted>
Wed, 11 Dec 2024 14:22:48 +0000 (14:22 +0000)
commit5632fef6212001ec8357c854f565b5e6a1df9c0f
treeffb665e878d4d328f7eccb0d9c5ef6957de8b00atree | snapshot
parent8ec26e80834841dd66ae6123dad8855d8509120fcommit | diff
Auth: Added specific guards against guest account login

Hardened things to enforce the intent that the guest account should not
be used for logins.
Currently this would not be allowed due to empty set password, and no
password fields on user edit forms, but an error could occur if the
login was attempted.

This adds:
- Handling to show normal invalid user warning on login instead of a
  hash check error.
- Prevention of guest user via main login route, in the event that
  inventive workarounds would be used by admins to set a password for
  this account.
- Test for guest user login.
app/Access/LoginService.php diff | blob | history
app/Exceptions/LoginAttemptInvalidUserException.php [new file with mode: 0644] blob
tests/Auth/AuthTest.php diff | blob | history
The core source code for the BookStack project.