0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-01-07 01:00:08 -05:00

Return generic message when Send not available

This should help avoid leaking information about (non)existence of Send
and be more in line with what official server returns.
This commit is contained in:
Miro Prasil 2021-03-23 13:39:09 +00:00
parent f9ebb780f9
commit 4b6a574ee0

View file

@ -228,27 +228,27 @@ pub struct SendAccessData {
fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult { fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult {
let mut send = match Send::find_by_access_id(&access_id, &conn) { let mut send = match Send::find_by_access_id(&access_id, &conn) {
Some(s) => s, Some(s) => s,
None => err_code!("Send not found", 404), None => err_code!("Send does not exist or is no longer available", 404),
}; };
if let Some(max_access_count) = send.max_access_count { if let Some(max_access_count) = send.max_access_count {
if send.access_count >= max_access_count { if send.access_count >= max_access_count {
err_code!("Max access count reached", 404); err_code!("Send does not exist or is no longer available", 404);
} }
} }
if let Some(expiration) = send.expiration_date { if let Some(expiration) = send.expiration_date {
if Utc::now().naive_utc() >= expiration { if Utc::now().naive_utc() >= expiration {
err_code!("Send has expired", 404) err_code!("Send does not exist or is no longer available", 404)
} }
} }
if Utc::now().naive_utc() >= send.deletion_date { if Utc::now().naive_utc() >= send.deletion_date {
err_code!("Send has been deleted", 404) err_code!("Send does not exist or is no longer available", 404)
} }
if send.disabled { if send.disabled {
err_code!("Send has been disabled", 404) err_code!("Send does not exist or is no longer available", 404)
} }
if send.password_hash.is_some() { if send.password_hash.is_some() {
@ -279,27 +279,27 @@ fn post_access_file(
) -> JsonResult { ) -> JsonResult {
let mut send = match Send::find_by_uuid(&send_id, &conn) { let mut send = match Send::find_by_uuid(&send_id, &conn) {
Some(s) => s, Some(s) => s,
None => err_code!("Send not found", 404), None => err_code!("Send does not exist or is no longer available", 404),
}; };
if let Some(max_access_count) = send.max_access_count { if let Some(max_access_count) = send.max_access_count {
if send.access_count >= max_access_count { if send.access_count >= max_access_count {
err_code!("Max access count reached", 404); err_code!("Send does not exist or is no longer available", 404)
} }
} }
if let Some(expiration) = send.expiration_date { if let Some(expiration) = send.expiration_date {
if Utc::now().naive_utc() >= expiration { if Utc::now().naive_utc() >= expiration {
err_code!("Send has expired", 404) err_code!("Send does not exist or is no longer available", 404)
} }
} }
if Utc::now().naive_utc() >= send.deletion_date { if Utc::now().naive_utc() >= send.deletion_date {
err_code!("Send has been deleted", 404) err_code!("Send does not exist or is no longer available", 404)
} }
if send.disabled { if send.disabled {
err_code!("Send has been disabled", 404) err_code!("Send does not exist or is no longer available", 404)
} }
if send.password_hash.is_some() { if send.password_hash.is_some() {