mirror of https://github.com/bitwarden/server synced 2026-02-17 09:59:14 +00:00

feat: remove invalid email response and instead return email and OTP required to protect against enumeration attacks.

Ike Kottlowski
2026-01-27 22:09:22 -05:00
parent 2a458807a5
commit 41348b3158
4 changed files with 17 additions and 26 deletions


@@ -48,9 +48,8 @@ public class SendConstantsSnapshotTests
public void EmailOtpValidatorResults_Constants_HaveCorrectValues()
{
// Assert
Assert.Equal("email_invalid", SendAccessConstants.EmailOtpValidatorResults.EmailInvalid);
Assert.Equal("email_required", SendAccessConstants.EmailOtpValidatorResults.EmailRequired);
Assert.Equal("email_and_otp_required_otp_sent", SendAccessConstants.EmailOtpValidatorResults.EmailOtpSent);
Assert.Equal("email_and_otp_required", SendAccessConstants.EmailOtpValidatorResults.EmailAndOtpRequired);
Assert.Equal("otp_invalid", SendAccessConstants.EmailOtpValidatorResults.EmailOtpInvalid);
Assert.Equal("otp_generation_failed", SendAccessConstants.EmailOtpValidatorResults.OtpGenerationFailed);
}
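Review bot: The assertions in `EmailOtpValidatorResults_Constants_HaveCorrectValues` pin only string values, so nothing here records why there is no separate result for an unrecognised email or stops one from being reintroduced later. A comment above the assertions would capture the intent, e.g. `// No "email_invalid" value by design: a distinct result for unlisted emails would let callers enumerate which addresses are accepted.` The rendered page has lost its +/- markers, so which assertions sit on the new side is inferred from the commit title and the hunk counts. If `email_and_otp_required_otp_sent` is still returned anywhere, it is worth confirming in the validator tests (not visible here) that a listed email without an OTP and an unlisted email receive the same error code and description. Any remaining difference would bring back the signal this commit sets out to remove.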