added a vuln for broken auth and session mgmt, issue #2

app/controllers/sessions_controller.rb

@@ -7,13 +7,20 @@ class SessionsController < ApplicationController
   end
   
   def create
+     
+      begin
         user = User.authenticate(params[:email], params[:password])
+      rescue Exception => e
+      end
+      
       if user
         session[:id] = user.id if User.where(:id => user.id).exists?
         redirect_to home_dashboard_index_path
       else
+        flash[:error] = e.message
         render "new"
       end
+      
   end
   
   def destroy

app/models/user.rb

@@ -13,8 +13,14 @@ class User < ActiveRecord::Base
        auth = nil
        user = find_by_email(email)
        # I heard something about hashing, dunno, why bother really. Nobody will get access to my stuff!
-       if user && user.password == password
+       if user
+         if user.password == password
            auth = user
+         else
+          raise "Incorrect Password!"
+         end 
+       else
+          raise "#{email} doesn't exist!"
        end
        return auth
   end

app/views/layouts/application.html.erb

@@ -26,6 +26,7 @@
 <% end %>
 <div class="container-fluid">
 	<div class="dashboard-wrapper">
+		<%= render "layouts/shared/messages" %>
 		<%= yield %>
 	</div>
 </div>	

app/views/layouts/shared/_messages.html.erb

@@ -0,0 +1,18 @@
+<% flash.each do |name, msg| %>
+	<% if name == :error %> 
+		<div class="alert alert-error">
+			<a class="close" data-dismiss="alert" href="#">×</a>
+  				<%= content_tag :div, msg, :id => "flash_notice" %>
+		</div>
+	<% elsif name == :success %>
+		<div class="alert alert-success">
+			<a class="close" data-dismiss="alert" href="#">×</a>
+  				<%= content_tag :div, msg, :id => "flash_notice" %>
+		</div>
+	<% elsif name == :info %>
+		<div class="alert alert-info">
+			<a class="close" data-dismiss="alert" href="#">×</a>
+				<%= content_tag :div, msg, :id => "flash_notice" %>
+		</div>
+	<% end %>
+<% end %>