From 18631fb64a136ea6ef9cfb38c4f10b211daf30cf Mon Sep 17 00:00:00 2001
From: Stojan Dimitrovski
Date: Tue, 5 Mar 2024 15:28:21 +0100
Subject: [PATCH] fix: prevent user email side-channel leak on verify
---
 internal/api/verify.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/api/verify.go b/internal/api/verify.go
index 6dd29be05..deb52113d 100644
--- a/internal/api/verify.go
+++ b/internal/api/verify.go
@@ -625,7 +625,7 @@ func (a *API) verifyUserAndToken(conn *storage.Connection, params *VerifyParams,
 if err != nil {
 if models.IsNotFoundError(err) {
- return nil, notFoundError(err.Error()).WithInternalError(err)
+ return nil, expiredTokenError("Token has expired or is invalid").WithInternalError(err)
 }
 return nil, internalServerError("Database error finding user").WithInternalError(err)
 }
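Review bot: The not-found branch of verifyUserAndToken now returns a generic message, but the fix only holds if the invalid-token path later in the function (outside this hunk) returns exactly the same status code and body; that path is not visible here and nothing in the hunk pins the two together. A short comment above the new return would keep the message from being made specific again, e.g. `// Same error as a bad or expired token, so the response does not reveal whether the account exists.` A regression test that compares the response for an unknown address with the response for a known address and a wrong token would catch drift between the two paths. Response timing may still differ, since this branch returns before any token comparison runs; it is worth confirming that this is acceptable or covered elsewhere.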