Skip to content

Commit

Permalink
fix: prevent user email side-channel leak on verify
Browse files Browse the repository at this point in the history
  • Loading branch information
@hf
hf committed Mar 5, 2024
1 parent b5566e7 commit 18631fb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion internal/api/verify.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -625,7 +625,7 @@ func (a *API) verifyUserAndToken(conn *storage.Connection, params *VerifyParams,

if err != nil {
if models.IsNotFoundError(err) {
return nil, notFoundError(err.Error()).WithInternalError(err)
return nil, expiredTokenError("Token has expired or is invalid").WithInternalError(err)
}
return nil, internalServerError("Database error finding user").WithInternalError(err)
}
Expand Down

0 comments on commit 18631fb

Please sign in to comment.