Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-11-25 05:40:29 +01:00
Return generic message when Send not available
This should help avoid leaking information about (non)existence of Send and be more in line with what official server returns.
Dieser Commit ist enthalten in:
Ursprung
f9ebb780f9
Commit
4b6a574ee0
1 geänderte Dateien mit 10 neuen und 10 gelöschten Zeilen
|
@ -228,27 +228,27 @@ pub struct SendAccessData {
|
|||
fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult {
|
||||
let mut send = match Send::find_by_access_id(&access_id, &conn) {
|
||||
Some(s) => s,
|
||||
None => err_code!("Send not found", 404),
|
||||
None => err_code!("Send does not exist or is no longer available", 404),
|
||||
};
|
||||
|
||||
if let Some(max_access_count) = send.max_access_count {
|
||||
if send.access_count >= max_access_count {
|
||||
err_code!("Max access count reached", 404);
|
||||
err_code!("Send does not exist or is no longer available", 404);
|
||||
}
|
||||
}
|
||||
|
||||
if let Some(expiration) = send.expiration_date {
|
||||
if Utc::now().naive_utc() >= expiration {
|
||||
err_code!("Send has expired", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
}
|
||||
|
||||
if Utc::now().naive_utc() >= send.deletion_date {
|
||||
err_code!("Send has been deleted", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
|
||||
if send.disabled {
|
||||
err_code!("Send has been disabled", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
|
||||
if send.password_hash.is_some() {
|
||||
|
@ -279,27 +279,27 @@ fn post_access_file(
|
|||
) -> JsonResult {
|
||||
let mut send = match Send::find_by_uuid(&send_id, &conn) {
|
||||
Some(s) => s,
|
||||
None => err_code!("Send not found", 404),
|
||||
None => err_code!("Send does not exist or is no longer available", 404),
|
||||
};
|
||||
|
||||
if let Some(max_access_count) = send.max_access_count {
|
||||
if send.access_count >= max_access_count {
|
||||
err_code!("Max access count reached", 404);
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
}
|
||||
|
||||
if let Some(expiration) = send.expiration_date {
|
||||
if Utc::now().naive_utc() >= expiration {
|
||||
err_code!("Send has expired", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
}
|
||||
|
||||
if Utc::now().naive_utc() >= send.deletion_date {
|
||||
err_code!("Send has been deleted", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
|
||||
if send.disabled {
|
||||
err_code!("Send has been disabled", 404)
|
||||
err_code!("Send does not exist or is no longer available", 404)
|
||||
}
|
||||
|
||||
if send.password_hash.is_some() {
|
||||
|
|
Laden …
In neuem Issue referenzieren