Feature Request: Unspecific Login Errors #176

Open
TheTedder opened this issue Aug 11, 2023 · 0 comments
Labels
enhancement New feature or request
Contributor

TheTedder commented Aug 11, 2023

Currently, the login endpoint returns a 404 not found code when the supplied email does not correspond to a user account and a 401 unauthorized code when the email corresponds to a user account but the password does not match the user's password. This is a security issue because it could be used to guess users' email addresses. The server should instead respond with a 401 if the email and password provided don't match an existing user account.

Affected Functionality

The login endpoint would need to be changed. This would be a breaking API change so the frontend would need to be notified of this too.

Other Relevant Issues

#177

TheTedder added the enhancement label Aug 11, 2023
TheTedder added this to the MVP milestone Aug 11, 2023
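
The change requested in this issue, sketched as an added example (not code from this project): `login_current` reproduces the 404/401 split the issue describes and `login_uniform` returns a single 401 for any failed email/password pair. The function names, the in-memory user store and the PBKDF2 hashing are assumptions, and the sketch goes one step past the issue by also hashing a dummy credential for unknown emails so both failure paths do the same work.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed in-memory user store (hypothetical data): email -> (salt, hash).
USERS = {"alice@example.com": _make_user("correct horse")}

# Dummy credential checked when the email is unknown, so the unknown-email
# path performs the same hashing as the wrong-password path.
_DUMMY_SALT, _DUMMY_HASH = _make_user("placeholder-not-a-real-password")


def login_current(email: str, password: str):
    """Behaviour described in the issue: 404 for unknown email, 401 for bad password."""
    record = USERS.get(email)
    if record is None:
        return 404, {"error": "user not found"}
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, {"error": "wrong password"}
    return 200, {"status": "ok"}


def login_uniform(email: str, password: str):
    """Requested behaviour: one 401 response for every failed login."""
    record = USERS.get(email)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    # An unknown email fails even if the dummy password happens to be supplied.
    if record is None or not matches:
        return 401, {"error": "invalid email or password"}
    return 200, {"status": "ok"}
```

A regression test for the fix can assert that the status code and body are identical for an unknown email and for a known email with a wrong password.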