fix: #14116, don't return ban reason if login credentials are incorrect

2026-04-09 14:09:32 +02:00 · 2026-03-23 09:43:15 -04:00
parent 43e7f0abb9
commit 9bcef6b5ea
2 changed files with 20 additions and 10 deletions
--- a/test/user.js
+++ b/test/user.js
@@ -1394,6 +1394,17 @@ describe('User', () => {
 			assert.strictEqual(await db.isSortedSetMember('users:banned', testUid), false);
 		});

+		it('should not return ban reason if login is incorrect', async () => {
+			const testUid = await User.create({ username: 'bannedUser4', password: '654321' });
+			await User.bans.ban(testUid, 0, 'testing bans');
+			let { response, body } = await helpers.loginUser('bannedUser4', '5555555');
+			assert.strictEqual(response.status, 403);
+			assert.strictEqual(body, '[[error:invalid-login-credentials]]');
+
+			({ response, body } = await helpers.loginUser('bannedUser4', '654321'));
+			assert.strictEqual(response.status, 403);
+			assert.strictEqual(body.reason, 'testing bans');
+		});
 	});

 	describe('Digest.getSubscribers', () => {