mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-12-13 17:22:58 +01:00
Return generic message when Send not available
This should help avoid leaking information about (non)existence of Send and be more in line with what official server returns.
This commit is contained in:
parent
f9ebb780f9
commit
4b6a574ee0
1 changed files with 10 additions and 10 deletions
|
@ -228,27 +228,27 @@ pub struct SendAccessData {
|
|||
fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult {
|
||||
let mut send = match Send::find_by_access_id(&access_id, &conn) {
|
||||
Some(s) => s,
|
||||
None => err_code!("Send not found", 404),
|
||||
None => err_code!("Send does not exist or is no longer available", 404),
|
||||
};
|
||||
|
||||
if let Some(max_access_count) = send.max_access_count {
|
||||
if send.access_count >= max_access_count {
|
||||
err_code!("Max access count reached", 404);
|
||||
err_code!("Send does not exist or is no longer available", 404);
|
||||
}
|
||||
}
|
||||
|
||||
if let Some(expiration) = send.expiration_date {
|
||||
if Utc::now().naive_utc() >= expiration {
|
||||
err_code!("Send has expired", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
}
|
||||
|
||||
if Utc::now().naive_utc() >= send.deletion_date {
|
||||
err_code!("Send has been deleted", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
|
||||
if send.disabled {
|
||||
err_code!("Send has been disabled", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
|
||||
if send.password_hash.is_some() {
|
||||
|
@ -279,27 +279,27 @@ fn post_access_file(
|
|||
) -> JsonResult {
|
||||
let mut send = match Send::find_by_uuid(&send_id, &conn) {
|
||||
Some(s) => s,
|
||||
None => err_code!("Send not found", 404),
|
||||
None => err_code!("Send does not exist or is no longer available", 404),
|
||||
};
|
||||
|
||||
if let Some(max_access_count) = send.max_access_count {
|
||||
if send.access_count >= max_access_count {
|
||||
err_code!("Max access count reached", 404);
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
}
|
||||
|
||||
if let Some(expiration) = send.expiration_date {
|
||||
if Utc::now().naive_utc() >= expiration {
|
||||
err_code!("Send has expired", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
}
|
||||
|
||||
if Utc::now().naive_utc() >= send.deletion_date {
|
||||
err_code!("Send has been deleted", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
|
||||
if send.disabled {
|
||||
err_code!("Send has been disabled", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
|
||||
if send.password_hash.is_some() {
|
||||
|
|
Loading…
Reference in a new issue