synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: log when attempted password resets fail (#15267)

Browse Source 
Closes https://github.com/coder/coder/issues/15154

Log when someone attempts to either
- Request a one-time passcode for an account that doesn't exist
- Attempt to change a password with an invalid one-time passcode and/or
email

---------

Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
This commit is contained in:
Danielle Maywood
2024-10-29 12:19:56 +00:00
committed by GitHub
parent 4cad6f75a9
commit 78ff375fed
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
coderd/userauth.go
View File

@ -291,6 +291,8 @@ func (api *API) postRequestOneTimePasscode(rw http.ResponseWriter, r *http.Reque
if err != nil {
logger.Error(ctx, "unable to notify user about one-time passcode request", slog.Error(err))
}
} else {
logger.Warn(ctx, "password reset requested for account that does not exist", slog.F("email", req.Email))
}
}
@ -381,6 +383,7 @@ func (api *API) postChangePasswordWithOneTimePasscode(rw http.ResponseWriter, r
now := dbtime.Now()
if !equal || now.After(user.OneTimePasscodeExpiresAt.Time) {
logger.Warn(ctx, "password reset attempted with invalid or expired one-time passcode", slog.F("email", req.Email))
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: "Incorrect email or one-time passcode.",
})