[PR #860] [MERGED] feat: Add an option to have more verbose error messages and set the default value to false #1122

New Issue

Closed

opened 2026-02-04 21:51:48 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-04 21:51:48 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/plankanban/planka/pull/860
Author: @Nounoursdestavernes
Created: 8/28/2024
Status: ✅ Merged
Merged: 8/30/2024
Merged by: @meltyshev

Base: master ← Head: master

---

📝 Commits (7)

• 64e344e fix: update french translation
• 2d3a765 Merge branch 'plankanban:master' into master
• 3b66ccf chore: Fix linting
• 9a50494 fix: more generic error messages on login
• 82b03e5 feat: correct bool according to the name (inversion of enable and disable)
• 4b6e52a Merge branch 'master' of https://github.com/Nounoursdestavernes/planka into pr/849
• 5831972 chore: Rename env variable, refactoring

📊 Changes

7 files changed (+29 additions, -2 deletions)

View changed files

📝 client/src/components/Login/Login.jsx (+6 -0)
📝 client/src/locales/en-US/login.js (+1 -0)
📝 docker-compose-dev.yml (+2 -0)
📝 docker-compose.yml (+2 -0)
📝 server/.env.sample (+2 -0)
📝 server/api/controllers/access-tokens/create.js (+14 -2)
📝 server/config/custom.js (+2 -0)

📄 Description

Hi,

This PR add a new option that can be config through the ENABLE_VERBOSE_ON_LOGIN env var. (This name can be change, not the best one I concede).

Default value is false. The error message when failling to login is Invalid Credentials.

Setting to true will enable verbose.
Error messages become Invalid email or username or Invalid password (Current behaviour).

This setting must be set to true only if rate limiter is enable. Otherwise this could lead to a security issue. (cf owasp )

Best regards,

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/plankanban/planka/pull/860 **Author:** [@Nounoursdestavernes](https://github.com/Nounoursdestavernes) **Created:** 8/28/2024 **Status:** ✅ Merged **Merged:** 8/30/2024 **Merged by:** [@meltyshev](https://github.com/meltyshev) **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (7) - [`64e344e`](https://github.com/plankanban/planka/commit/64e344ebf4f8fcdf6026f4547d168c24fd134301) fix: update french translation - [`2d3a765`](https://github.com/plankanban/planka/commit/2d3a765c41a4adc20e703a0cf178e013ff66b80d) Merge branch 'plankanban:master' into master - [`3b66ccf`](https://github.com/plankanban/planka/commit/3b66ccf7202c85928fc63ebda7dd6be7623bf320) chore: Fix linting - [`9a50494`](https://github.com/plankanban/planka/commit/9a5049472f40d35299ea9b56f76143b09896f40c) fix: more generic error messages on login - [`82b03e5`](https://github.com/plankanban/planka/commit/82b03e55426e6c005a5956d0739b171a4a6761b2) feat: correct bool according to the name (inversion of enable and disable) - [`4b6e52a`](https://github.com/plankanban/planka/commit/4b6e52a9c60318001e7d30aa4c252ce899a16049) Merge branch 'master' of https://github.com/Nounoursdestavernes/planka into pr/849 - [`5831972`](https://github.com/plankanban/planka/commit/58319728fa1ae7c93f7a94d0090d06f25abfb74e) chore: Rename env variable, refactoring ### 📊 Changes **7 files changed** (+29 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `client/src/components/Login/Login.jsx` (+6 -0) 📝 `client/src/locales/en-US/login.js` (+1 -0) 📝 `docker-compose-dev.yml` (+2 -0) 📝 `docker-compose.yml` (+2 -0) 📝 `server/.env.sample` (+2 -0) 📝 `server/api/controllers/access-tokens/create.js` (+14 -2) 📝 `server/config/custom.js` (+2 -0) </details> ### 📄 Description Hi, This PR add a new option that can be config through the `ENABLE_VERBOSE_ON_LOGIN` env var. (This name can be change, not the best one I concede). Default value is `false`. The error message when failling to login is `Invalid Credentials`. Setting to true will enable verbose. Error messages become `Invalid email or username` or `Invalid password` (Current behaviour). This setting must be set to `true` only if rate limiter is enable. Otherwise this could lead to a security issue. (cf [owasp](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages) ) Best regards, --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

OVERLORD added the pull-request label 2026-02-04 21:51:48 +03:00

OVERLORD closed this issue 2026-02-04 21:51:51 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

gh-pages

planka-1.1.2

planka-1.1.1

planka-1.1.0

planka-1.0.5

planka-1.0.4

v2.0.0-rc.4

v1.26.3

planka-0.2.26

planka-1.0.3

planka-1.0.2

v2.0.0-rc.3

planka-1.0.1

planka-1.0.0

v2.0.0-rc.2

planka-0.2.25

v1.26.2

v1.26.1

planka-0.2.24

v1.26.0

planka-0.2.23

v1.25.1

planka-0.2.22

v1.25.0

planka-0.2.21

v1.24.4

planka-0.2.20

v1.24.3

planka-0.2.19

planka-0.2.18

v1.24.2

planka-0.2.17

planka-0.2.16

v1.24.1

planka-0.2.15

v1.24.0

planka-0.2.14

v1.23.5

v1.23.4

planka-0.2.13

planka-0.2.12

v1.23.3

planka-0.2.11

v1.23.2

planka-0.2.10

v1.23.1

planka-0.2.9

v1.23.0

v1.22.0

planka-0.2.8

Labels

Clear labels

bug

bug

documentation

documentation

duplicate

enhancement

good first issue

help wanted

pull-request

Mirrored from GitHub Pull Request

question

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/planka#1122