commit 4b6a574ee0e7ab4362c188be646369f2c440eb6c
parent f9ebb780f92c44b63b1cab6be79ff120f183fc4c
Author: Miro Prasil <miro@circleci.com>
Date:   Tue, 23 Mar 2021 13:39:09 +0000
Return generic message when Send not available
This should help avoid leaking information about the (non)existence of a Send
and be more in line with what the official server returns.
Diffstat:
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs
@@ -228,27 +228,27 @@ pub struct SendAccessData {
 fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult {
     let mut send = match Send::find_by_access_id(&access_id, &conn) {
         Some(s) => s,
-        None => err_code!("Send not found", 404),
+        None => err_code!("Send does not exist or is no longer available", 404),
     };
 
     if let Some(max_access_count) = send.max_access_count {
         if send.access_count >= max_access_count {
-            err_code!("Max access count reached", 404);
+            err_code!("Send does not exist or is no longer available", 404);
         }
     }
 
     if let Some(expiration) = send.expiration_date {
         if Utc::now().naive_utc() >= expiration {
-            err_code!("Send has expired", 404)
+            err_code!("Send does not exist or is no longer available", 404)
         }
     }
 
     if Utc::now().naive_utc() >= send.deletion_date {
-        err_code!("Send has been deleted", 404)
+        err_code!("Send does not exist or is no longer available", 404)
     }
 
     if send.disabled {
-        err_code!("Send has been disabled", 404)
+        err_code!("Send does not exist or is no longer available", 404)
     }
 
     if send.password_hash.is_some() {
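Review bot: The same literal is now repeated at five return sites in post_access and five more in the post_access_file hunk, so the uniform response this commit is after depends on ten strings staying identical by hand. A later edit to a single branch would quietly bring back a distinguishable answer. Folding the availability checks into one helper and the text into one constant leaves a single refusal path per handler. The sketch below reads the clock once instead of twice and assumes `err_code!` accepts any string expression, which is not visible in this hunk. Both function bodies continue past the end of their hunks.

```rust
const SEND_INACCESSIBLE_MSG: &str = "Send does not exist or is no longer available";

/// True when no access-count, expiry, deletion or disabled check refuses the Send.
fn send_is_available(send: &Send) -> bool {
    let now = Utc::now().naive_utc();
    let under_limit = send.max_access_count.map_or(true, |max| send.access_count < max);
    let unexpired = send.expiration_date.map_or(true, |expiry| now < expiry);
    under_limit && unexpired && now < send.deletion_date && !send.disabled
}

fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult {
    let mut send = match Send::find_by_access_id(&access_id, &conn) {
        Some(s) if send_is_available(&s) => s,
        _ => err_code!(SEND_INACCESSIBLE_MSG, 404),
    };
    // … unchanged: password check and the rest of the handler …
```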
@@ -279,27 +279,27 @@ fn post_access_file(
 ) -> JsonResult {
     let mut send = match Send::find_by_uuid(&send_id, &conn) {
         Some(s) => s,
-        None => err_code!("Send not found", 404),
+        None => err_code!("Send does not exist or is no longer available", 404),
     };
 
     if let Some(max_access_count) = send.max_access_count {
         if send.access_count >= max_access_count {
-            err_code!("Max access count reached", 404);
+            err_code!("Send does not exist or is no longer available", 404)
         }
     }
 
     if let Some(expiration) = send.expiration_date {
         if Utc::now().naive_utc() >= expiration {
-            err_code!("Send has expired", 404)
+            err_code!("Send does not exist or is no longer available", 404)
         }
     }
 
     if Utc::now().naive_utc() >= send.deletion_date {
-        err_code!("Send has been deleted", 404)
+        err_code!("Send does not exist or is no longer available", 404)
     }
 
     if send.disabled {
-        err_code!("Send has been disabled", 404)
+        err_code!("Send does not exist or is no longer available", 404)
     }
 
     if send.password_hash.is_some() {
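Review bot: After this change the reason a Send was refused is no longer recorded anywhere in these lines, because all five branches in post_access_file (and the same five in post_access) hand the identical text to `err_code!`. If that macro also writes its message to the server log (its definition is not visible here), an operator can no longer tell an expired or disabled Send from a lookup of an id that never existed, which matters when investigating repeated failed lookups. Consider recording the specific reason server-side before the generic return, using whatever logging macro the crate already has, e.g. `debug!("Send access refused: disabled");`, while keeping the client-facing text unchanged. The function body continues past the end of the hunk.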