Remove remaining account enumeration on login page.

corentin-soriano · corentin-soriano · commit f554fadbfe06 · 2024-11-25T15:30:38.000+01:00
diff --git a/includes/core/login.js.php b/includes/core/login.js.php
@@ -627,11 +627,7 @@ function launchIdentify(isDuo, redirect, psk, oauth2 = false) {
         //TODO : je pense que cela pourrait etre modifié pour ne pas faire de requete ajax ; on dispose des infos via `get_teampass_settings`
         $.post(
             'sources/identify.php', {
-                type: 'get2FAMethods',
-                login: $('#login').val(),
-                xhrFields: {
-                    withCredentials: true
-                }
+                type: 'get2FAMethods'
             },
             function(data) {
                 data = JSON.parse(data);
diff --git a/includes/language/bulgarian.php b/includes/language/bulgarian.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/catalan.php b/includes/language/catalan.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/chinese.php b/includes/language/chinese.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/czech.php b/includes/language/czech.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/dutch.php b/includes/language/dutch.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/english.php b/includes/language/english.php
@@ -39,7 +39,6 @@
     'highlight_selected_tip' => 'When enabled, the selected item will be highlighted in the list.',
     'highlight_favorites' => 'Highlight favorites',
     'highlight_favorites_tip' => 'When enabled, the favorite items will be highlighted in the list.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'oauth2_need_user_old_password' => 'For the first SSO connection, please provide your previous password',
diff --git a/includes/language/estonian.php b/includes/language/estonian.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/french.php b/includes/language/french.php
@@ -1189,7 +1189,6 @@
     'show_item_data_tip' => 'Permet d&apos;afficher des informations supplémentaires dans la liste des éléments (nom d&apos;utilisateur, e-mail et URL). Cela peut être utile pour avoir un aperçu rapide du contenu de l&apos;élément.',
     'items_page_split_view_mode' => 'Afficher le détail d&apos;un objet sur la page des objets',
     'replace_tenant_id' => 'Adapter l&apos;url tout en laissant {tenant-id}. Il sera remplacer lors de l&apos;appel.',
-    'user_exists_but_not_oauth2' => 'Vous devez vous authentifier avec votre compte Azure/Entra AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'Vous n&apos;êtes pas autoriser à vous authentifier à l&apos;application Teampass',
     'user_is_not_auth_with_oauth2' => 'Vous ne pouvez pas vous authentifier avec un compte Entra/Azure AD',
     'highlight_favorites' => 'Mettre en évidence les favoris',
diff --git a/includes/language/german.php b/includes/language/german.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Zeigt zusätzliche Informationen in der Eintragsliste an (Benutzername, E-Mail, URL). Dies erlaubt einen schnellen Überblick über den Inhalt der Einträge.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/greek.php b/includes/language/greek.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/hungarian.php b/includes/language/hungarian.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/italian.php b/includes/language/italian.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/japanese.php b/includes/language/japanese.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/norwegian.php b/includes/language/norwegian.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/polish.php b/includes/language/polish.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/portuguese.php b/includes/language/portuguese.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/portuguese_br.php b/includes/language/portuguese_br.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/romanian.php b/includes/language/romanian.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/russian.php b/includes/language/russian.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/spanish.php b/includes/language/spanish.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permite mostrar información adicional en la lista de elementos (nombre de usuario, correo electrónico y URL). Esto podría ser útil para tener una vista rápida del contenido del elemento.',
     'items_page_split_view_mode' => 'Mostrar los detalles del elemento en modo de vista dividida de página',
     'replace_tenant_id' => 'Adapte la URL pero mantenga {tenant-id} tal cual. Se reemplazará en vivo por el ID del inquilino.',
-    'user_exists_but_not_oauth2' => 'El usuario debe autenticarse utilizando Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'El usuario no tiene permitido autenticarse en la aplicación Teampass',
     'user_is_not_auth_with_oauth2' => 'El usuario no debe autenticarse con Entra/Azure AD',
     'highlight_favorites' => 'Resaltar favoritos',
diff --git a/includes/language/swedish.php b/includes/language/swedish.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/turkish.php b/includes/language/turkish.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/includes/language/ukrainian.php b/includes/language/ukrainian.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Дозволяє відображати додаткову інформацію у списку елементів (ім&apos;я користувача, електронна пошта та URL). Це може бути корисно для швидкого перегляду вмісту елемента.',
     'items_page_split_view_mode' => 'Показати деталі елемента у режимі розділеного перегляду сторінки',
     'replace_tenant_id' => 'Адаптувати URL, але залишити {tenant-id} як є. Він буде замінений в реальному часі на ID орендаря.',
-    'user_exists_but_not_oauth2' => 'Користувач повинен автентифікуватися за допомогою Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'Користувачеві не дозволено автентифікуватися за допомогою додатку Teampass',
     'user_is_not_auth_with_oauth2' => 'Користувач не повинен автентифікуватися за допомогою Entra/Azure AD',
     'highlight_favorites' => 'Виділити обрані',
diff --git a/includes/language/vietnamese.php b/includes/language/vietnamese.php
@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',
diff --git a/sources/identify.php b/sources/identify.php
@@ -2229,6 +2229,9 @@ function identifyDoLDAPChecks(
     int $sessionPwdAttempts
 ): array
 {
+    $session = SessionManager::getSession();
+    $lang = new Language($session->get('user-language') ?? 'english');
+
     // Prepare LDAP connection if set up
     if ((int) $SETTINGS['ldap_mode'] === 1
         && $username !== 'admin'
@@ -2249,7 +2252,7 @@ function identifyDoLDAPChecks(
                     'initial_url' => isset($sessionUrl) === true ? $sessionUrl : '',
                     'pwd_attempts' => (int) $sessionPwdAttempts,
                     'error' => true,
-                    'message' => "LDAP error: ".$retLDAP['message'],
+                    'message' => $lang->get('error_bad_credentials'),
                 ]
             ];
         }
@@ -2338,7 +2341,7 @@ function shouldUserAuthWithOauth2(
                 // Case where user exists in Teampass but not allowed to auth with Oauth2
                 return [
                     'error' => true,
-                    'message' => 'user_exists_but_not_oauth2',
+                    'message' => 'error_bad_credentials',
                     'oauth2Connection' => false,
                     'userPasswordVerified' => false,
                 ];
