1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-25 05:40:29 +01:00

Return generic message when Send not available

This should help avoid leaking information about (non)existence of Send
and be more in line with what official server returns.
Dieser Commit ist enthalten in:
Miro Prasil 2021-03-23 13:39:09 +00:00
Ursprung f9ebb780f9
Commit 4b6a574ee0

Datei anzeigen

@ -228,27 +228,27 @@ pub struct SendAccessData {
fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult {
let mut send = match Send::find_by_access_id(&access_id, &conn) {
Some(s) => s,
None => err_code!("Send not found", 404),
None => err_code!("Send does not exist or is no longer available", 404),
};
if let Some(max_access_count) = send.max_access_count {
if send.access_count >= max_access_count {
err_code!("Max access count reached", 404);
err_code!("Send does not exist or is no longer available", 404);
}
}
if let Some(expiration) = send.expiration_date {
if Utc::now().naive_utc() >= expiration {
err_code!("Send has expired", 404)
err_code!("Send does not exist or is no longer available", 404)
}
}
if Utc::now().naive_utc() >= send.deletion_date {
err_code!("Send has been deleted", 404)
err_code!("Send does not exist or is no longer available", 404)
}
if send.disabled {
err_code!("Send has been disabled", 404)
err_code!("Send does not exist or is no longer available", 404)
}
if send.password_hash.is_some() {
@ -279,27 +279,27 @@ fn post_access_file(
) -> JsonResult {
let mut send = match Send::find_by_uuid(&send_id, &conn) {
Some(s) => s,
None => err_code!("Send not found", 404),
None => err_code!("Send does not exist or is no longer available", 404),
};
if let Some(max_access_count) = send.max_access_count {
if send.access_count >= max_access_count {
err_code!("Max access count reached", 404);
err_code!("Send does not exist or is no longer available", 404)
}
}
if let Some(expiration) = send.expiration_date {
if Utc::now().naive_utc() >= expiration {
err_code!("Send has expired", 404)
err_code!("Send does not exist or is no longer available", 404)
}
}
if Utc::now().naive_utc() >= send.deletion_date {
err_code!("Send has been deleted", 404)
err_code!("Send does not exist or is no longer available", 404)
}
if send.disabled {
err_code!("Send has been disabled", 404)
err_code!("Send does not exist or is no longer available", 404)
}
if send.password_hash.is_some() {