Description
Right now if you try to login and you provide an unknown username/email or a wrong password, you will get no toast message. This PR adds toast messages for those scenarios and uses the ...
Not a bad idea! The attack vector issue they mention in the PR comments is valid, though. Not displaying those errors gives an attacker no confirmation that a user whose account they’re trying to attack exists, if they’re trying known used passwords. But good on you doing what you can to contribute to the project!
Not a bad idea! The attack vector issue they mention in the PR comments is valid, though. Not displaying those errors gives an attacker no confirmation that a user whose account they’re trying to attack exists, if they’re trying known used passwords. But good on you doing what you can to contribute to the project!
There should be an error, but it shouldn’t say whether it was the email or password that was wrong.