From 436104a71084037a65a7c19daa0c98200cb9b6af Mon Sep 17 00:00:00 2001 From: Bowen 404 Date: Fri, 14 Nov 2025 15:25:05 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=80=A7=E6=94=B9?= =?UTF-8?q?=E8=BF=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 用户名以及密码错误均使用“用户名或密码错误”,防止用户名被枚举+密码爆破导致后台被控制。 --- packages/hydrooj/src/error.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/hydrooj/src/error.ts b/packages/hydrooj/src/error.ts index 94d42010ec..cad2cc3240 100644 --- a/packages/hydrooj/src/error.ts +++ b/packages/hydrooj/src/error.ts @@ -12,7 +12,7 @@ export const SendMailError = Err('SendMailError', UserFacingError, 'Failed to se export const AlreadyVotedError = Err('AlreadyVotedError', ForbiddenError, "You've already voted."); export const BuiltinLoginError = Err('BuiltinLoginError', ForbiddenError, 'Builtin login is disabled.'); -export const LoginError = Err('LoginError', ForbiddenError, 'Invalid password for user {0}.'); +export const LoginError = Err('LoginError', ForbiddenError, 'Invalid username or password.'); export const AccessDeniedError = Err('AccessDeniedError', ForbiddenError, 'Access denied.'); export const UserAlreadyExistError = Err('UserAlreadyExistError', ForbiddenError, 'User {0} already exists.'); export const InvalidTokenError = Err('InvalidTokenError', ForbiddenError, 'The {0} Token is invalid.'); @@ -67,7 +67,7 @@ export const ProblemConfigError = Err('ProblemConfigError', BadRequestError, 'In export const ProblemIsReferencedError = Err('ProblemIsReferencedError', BadRequestError, 'Cannot {0} of a referenced problem.'); export const AuthOperationError = Err('AuthOperationError', BadRequestError, '{0} is already {1}.'); -export const UserNotFoundError = Err('UserNotFoundError', NotFoundError, 'User {0} not found.'); +export const UserNotFoundError = Err('LoginError', NotFoundError, 'Invalid username or password.'); export const NoProblemError = Err('NoProblemError', NotFoundError, 'No problem.'); export const RecordNotFoundError = Err('RecordNotFoundError', NotFoundError, 'Record {0} not found.'); export const ProblemDataNotFoundError = Err('ProblemDataNotFoundError', NotFoundError, 'Data of problem {0} not found.'); From f846650f8fd1878c2ef87aaad046354aa5044987 Mon Sep 17 00:00:00 2001 From: Bowen 404 Date: Fri, 14 Nov 2025 15:26:15 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=80=A7=E6=94=B9?= =?UTF-8?q?=E8=BF=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 增加翻译: Invalid username or password.: 用户名或密码错误。 --- packages/hydrooj/locales/zh.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/hydrooj/locales/zh.yaml b/packages/hydrooj/locales/zh.yaml index 510455e713..1167f855a1 100644 --- a/packages/hydrooj/locales/zh.yaml +++ b/packages/hydrooj/locales/zh.yaml @@ -425,6 +425,7 @@ Instead of copying the test data directly, the test data of the copied problems Introduce must not exceed 500 characters and it will be shown in the list view.: 简介不能超过 500 个字符,将显示在列表页面中。 Introduce: 简介 Invalid password for user {0}.: 用户 {0} 的密码错误。 +Invalid username or password.: 用户名或密码错误。 Invalid: 无效 Invitation Code: 邀请码 IO: 输入输出 From f159c748881d14ed2efab8c8a0606ed3caf8a06c Mon Sep 17 00:00:00 2001 From: Bowen 404 Date: Fri, 14 Nov 2025 16:41:28 +0800 Subject: [PATCH 3/3] UserNotFoundError changes from NotFoundError to ForbiddenError --- packages/hydrooj/src/error.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/hydrooj/src/error.ts b/packages/hydrooj/src/error.ts index cad2cc3240..2171a7c60c 100644 --- a/packages/hydrooj/src/error.ts +++ b/packages/hydrooj/src/error.ts @@ -67,7 +67,7 @@ export const ProblemConfigError = Err('ProblemConfigError', BadRequestError, 'In export const ProblemIsReferencedError = Err('ProblemIsReferencedError', BadRequestError, 'Cannot {0} of a referenced problem.'); export const AuthOperationError = Err('AuthOperationError', BadRequestError, '{0} is already {1}.'); -export const UserNotFoundError = Err('LoginError', NotFoundError, 'Invalid username or password.'); +export const UserNotFoundError = Err('LoginError', ForbiddenError, 'Invalid username or password.'); export const NoProblemError = Err('NoProblemError', NotFoundError, 'No problem.'); export const RecordNotFoundError = Err('RecordNotFoundError', NotFoundError, 'Record {0} not found.'); export const ProblemDataNotFoundError = Err('ProblemDataNotFoundError', NotFoundError, 'Data of problem {0} not found.');