diff --git a/src/routes/session.rs b/src/routes/session.rs index bcc3c6b0..a0d3c7fb 100644 --- a/src/routes/session.rs +++ b/src/routes/session.rs @@ -57,6 +57,10 @@ fn create(conn: DbConn, data: LenientForm, flash: Option e }; if let Err(_) = user.clone() { + // Fake password verification, only to avoid different login times + // that could be used to see if an email adress is registered or not + User::get(&*conn, 1).map(|u| u.auth(form.password.clone())); + let mut err = ValidationError::new("invalid_login"); err.message = Some(Cow::from("Invalid username or password")); errors.add("email_or_name", err)
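Review bot: The timing equalisation on the added `User::get(&*conn, 1).map(|u| u.auth(form.password.clone()));` line only runs when a user row with id 1 exists; if that lookup fails, `.map` skips `auth` and the unknown-account path is fast again, so the registered/unregistered timing difference described in the comment comes back. It also relies on user 1 carrying a password hash with the same cost as ordinary accounts, which is not visible here (presumably `auth` performs the hash verification; confirm). Verifying the submitted password against a fixed dummy hash kept in code or configuration would remove the dependency on database contents. At minimum, state the assumption next to the call, e.g. `// relies on user id 1 existing with a local password hash; otherwise no equalisation happens`, and discard the result explicitly with `let _ = ...;` so the unused value reads as intentional. The body of `create` starts and ends outside this hunk, so the successful-login path this is meant to match cannot be compared from here.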