2019-04-30 15:26:05 +00:00
parent de36cbbaf1
commit e8ef841590
17 changed files with 72 additions and 54 deletions
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -179,7 +179,9 @@ namespace AyaNova.Api.Controllers
                    //If the user is inactive they may not login
                    if (!u.Active)
                    {
-                        return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, null, "User deactivated"));
+                        //This is leaking information, instead just act like bad creds
+                        //return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, null, "User deactivated"));
+                         return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
                    }

                    //build the key (JWT set in startup.cs)