mirror/formbricks-formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-01-05 21:32:02 -06:00
Code Issues Packages Projects Releases 100 Wiki Activity

fix: Generalise login error messages to prevent user account enumeration (#772)

Browse Source
This commit is contained in:
Shubham Palriwala
2023-09-06 07:05:45 +05:30
committed by GitHub
parent 36bd14e4f6
commit e8b54dd3ae
1 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
apps/web/app/api/auth/[...nextauth]/authOptions.ts
View File

@@ -44,20 +44,17 @@ export const authOptions: NextAuthOptions = {
throw Error("Internal server error. Please try again later");
}
if (!user) {
throw new Error("User not found");
}
if (!credentials) {
throw new Error("No credentials");
if (!user || !credentials) {
throw new Error("No user matches the provided credentials");
}
if (!user.password) {
throw new Error("Incorrect password");
throw new Error("No user matches the provided credentials");
}
const isValid = await verifyPassword(credentials.password, user.password);
if (!isValid) {
throw new Error("Incorrect password");
throw new Error("No user matches the provided credentials");
}
return {
@@ -94,11 +91,11 @@ export const authOptions: NextAuthOptions = {
});
} catch (e) {
console.error(e);
throw new Error("Token is not valid or expired");
throw new Error("Either a user does not match the provided token or the token is invalid");
}
if (!user) {
throw new Error("User not found");
throw new Error("Either a user does not match the provided token or the token is invalid");
}
if (user.emailVerified) {