From 4b6a574ee0e7ab4362c188be646369f2c440eb6c Mon Sep 17 00:00:00 2001 From: Miro Prasil Date: Tue, 23 Mar 2021 13:39:09 +0000 Subject: [PATCH] Return generic message when Send not available This should help avoid leaking information about (non)existence of Send and be more in line with what official server returns. --- src/api/core/sends.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs index 2b1c4334..c63266da 100644 --- a/src/api/core/sends.rs +++ b/src/api/core/sends.rs @@ -228,27 +228,27 @@ pub struct SendAccessData { fn post_access(access_id: String, data: JsonUpcase, conn: DbConn) -> JsonResult { let mut send = match Send::find_by_access_id(&access_id, &conn) { Some(s) => s, - None => err_code!("Send not found", 404), + None => err_code!("Send does not exist or is no longer available", 404), }; if let Some(max_access_count) = send.max_access_count { if send.access_count >= max_access_count { - err_code!("Max access count reached", 404); + err_code!("Send does not exist or is no longer available", 404); } } if let Some(expiration) = send.expiration_date { if Utc::now().naive_utc() >= expiration { - err_code!("Send has expired", 404) + err_code!("Send does not exist or is no longer available", 404) } } if Utc::now().naive_utc() >= send.deletion_date { - err_code!("Send has been deleted", 404) + err_code!("Send does not exist or is no longer available", 404) } if send.disabled { - err_code!("Send has been disabled", 404) + err_code!("Send does not exist or is no longer available", 404) } if send.password_hash.is_some() { @@ -279,27 +279,27 @@ fn post_access_file( ) -> JsonResult { let mut send = match Send::find_by_uuid(&send_id, &conn) { Some(s) => s, - None => err_code!("Send not found", 404), + None => err_code!("Send does not exist or is no longer available", 404), }; if let Some(max_access_count) = send.max_access_count { if send.access_count >= max_access_count { - err_code!("Max access count reached", 404); + err_code!("Send does not exist or is no longer available", 404) } } if let Some(expiration) = send.expiration_date { if Utc::now().naive_utc() >= expiration { - err_code!("Send has expired", 404) + err_code!("Send does not exist or is no longer available", 404) } } if Utc::now().naive_utc() >= send.deletion_date { - err_code!("Send has been deleted", 404) + err_code!("Send does not exist or is no longer available", 404) } if send.disabled { - err_code!("Send has been disabled", 404) + err_code!("Send does not exist or is no longer available", 404) } if send.password_hash.is_some() {