This allows to distinguish, for example, the following three cases:
- The pvedaemon service is not responding (595)
- The pveproxy service is not responding (no error status code)
- The authentication credentials are not correct (401)
Since different combinations of wrong password and/or wrong user all
report the same error message: "authentication failure (401)" this does
not leak login information.
Another consideration is that the code `resp.status` does not match the
HTTP code seen in the API (a failed authentication has a return code 200
from the point of view of the browser) and its information is lost
without this change.
Signed-off-by: Maximiliano Sandoval <m.sando...@proxmox.com>
---
www/manager6/window/LoginWindow.js | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/www/manager6/window/LoginWindow.js
b/www/manager6/window/LoginWindow.js
index a1ba3cdb..066c053a 100644
--- a/www/manager6/window/LoginWindow.js
+++ b/www/manager6/window/LoginWindow.js
@@ -157,6 +157,14 @@ Ext.define('PVE.window.LoginWindow', {
};
let emsg = gettext("Login failed. Please try again");
+ if (resp.status) {
+ emsg = Ext.String.format(
+ "{0}<br>{1}<br>{2}",
+ gettext("Login failed:"),
+ resp.htmlStatus,
+ gettext("Please try again"),
+ );
+ }
if (resp.failureType === "connect") {
emsg = gettext("Connection failure. Network error or Proxmox VE
services not running?");
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
