topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Return generic message when Send not available 

This should help avoid leaking information about (non)existence of Send
and be more in line with what official server returns.
pull/1529/head
Miro Prasil 4 years ago
parent
f9ebb780f9
commit
4b6a574ee0
1 changed files with 10 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      src/api/core/sends.rs

20
src/api/core/sends.rs
View File

@ -228,27 +228,27 @@ pub struct SendAccessData {
fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult {
let mut send = match Send::find_by_access_id(&access_id, &conn) {
Some(s) => s,
None => err_code!("Send not found", 404),
None => err_code!("Send does not exist or is no longer available", 404),
};
if let Some(max_access_count) = send.max_access_count {
if send.access_count >= max_access_count {
err_code!("Max access count reached", 404);
err_code!("Send does not exist or is no longer available", 404);
}
}
if let Some(expiration) = send.expiration_date {
if Utc::now().naive_utc() >= expiration {
err_code!("Send has expired", 404)
err_code!("Send does not exist or is no longer available", 404)
}
}
if Utc::now().naive_utc() >= send.deletion_date {
err_code!("Send has been deleted", 404)
err_code!("Send does not exist or is no longer available", 404)
}
if send.disabled {
err_code!("Send has been disabled", 404)
err_code!("Send does not exist or is no longer available", 404)
}
if send.password_hash.is_some() {
@ -279,27 +279,27 @@ fn post_access_file(
) -> JsonResult {
let mut send = match Send::find_by_uuid(&send_id, &conn) {
Some(s) => s,
None => err_code!("Send not found", 404),
None => err_code!("Send does not exist or is no longer available", 404),
};
if let Some(max_access_count) = send.max_access_count {
if send.access_count >= max_access_count {
err_code!("Max access count reached", 404);
err_code!("Send does not exist or is no longer available", 404)
}
}
if let Some(expiration) = send.expiration_date {
if Utc::now().naive_utc() >= expiration {
err_code!("Send has expired", 404)
err_code!("Send does not exist or is no longer available", 404)
}
}
if Utc::now().naive_utc() >= send.deletion_date {
err_code!("Send has been deleted", 404)
err_code!("Send does not exist or is no longer available", 404)
}
if send.disabled {
err_code!("Send has been disabled", 404)
err_code!("Send does not exist or is no longer available", 404)
}
if send.password_hash.is_some() {

Write Preview
Loading…
Cancel
Save