From 0680dc8cd5e17ccfe527af1ac46212f7b82f7b2d Mon Sep 17 00:00:00 2001
From: Jellyfrog
Date: Fri, 1 Oct 2021 14:12:48 +0200
Subject: [PATCH] Use the same error message for different kind of authentiction errors (#13306)
This prevents usernames to be guess as the application confirms or denies their existence.
---
 LibreNMS/Authentication/MysqlAuthorizer.php | 2 +-
 app/Providers/LegacyUserProvider.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/LibreNMS/Authentication/MysqlAuthorizer.php b/LibreNMS/Authentication/MysqlAuthorizer.php
index 2386016ca4..0ea39ca483 100644
--- a/LibreNMS/Authentication/MysqlAuthorizer.php
+++ b/LibreNMS/Authentication/MysqlAuthorizer.php
@@ -23,7 +23,7 @@ class MysqlAuthorizer extends AuthorizerBase
 $enabled = $user_data->enabled;
 if (! $enabled) {
- throw new AuthenticationException($message = 'login denied');
+ throw new AuthenticationException();
 }
 if (Hash::check($password, $hash)) {
diff --git a/app/Providers/LegacyUserProvider.php b/app/Providers/LegacyUserProvider.php
index b2a818b9d6..8b4ac3342e 100644
--- a/app/Providers/LegacyUserProvider.php
+++ b/app/Providers/LegacyUserProvider.php
@@ -128,7 +128,7 @@ class LegacyUserProvider implements UserProvider
 }
 if (empty($credentials['username']) || ! $authorizer->authenticate($credentials)) {
- throw new AuthenticationException('Invalid Credentials');
+ throw new AuthenticationException();
 }
 return true;
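Review bot: The `if (! $enabled)` branch in MysqlAuthorizer.php still throws before `Hash::check($password, $hash)` runs, so a disabled account is rejected without the hash computation. It may therefore stay distinguishable from a wrong password by response time, even though the message is now identical. If the code after the hunk allows it, verify first and test the flag afterwards: `$valid = Hash::check($password, $hash);` followed by `if (! $enabled || ! $valid) { throw new AuthenticationException(); }`. The method starts and ends outside this hunk, so how a missing user is handled cannot be checked from here; that path would need the same treatment.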
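Review bot: The bare `throw new AuthenticationException();` in LegacyUserProvider.php does not say why the message was removed, so a later change could reintroduce a distinct text. A comment above it would record the intent, for example `// No message on purpose: every authentication failure must look the same to the client (#13306).`; the same applies to the throw in MysqlAuthorizer.php. What the user finally sees now depends on the exception's default message and on the handler, neither of which is visible in this hunk. A test asserting that an unknown user, a disabled user and a wrong password all produce the same response would guard against regressions. The enclosing method starts outside the hunk.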