Skip to content

Commit 78ff375

Browse files
DanielleMaywoodmafredri
DanielleMaywood
and
mafredri
authored
feat: log when attempted password resets fail (coder#15267)
Closes coder#15154 Log when someone attempts to either - Request a one-time passcode for an account that doesn't exist - Attempt to change a password with an invalid one-time passcode and/or email --------- Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
1 parent 4cad6f7 commit 78ff375

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

coderd/userauth.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -291,6 +291,8 @@ func (api *API) postRequestOneTimePasscode(rw http.ResponseWriter, r *http.Reque
291291
if err != nil {
292292
logger.Error(ctx, "unable to notify user about one-time passcode request", slog.Error(err))
293293
}
294+
} else {
295+
logger.Warn(ctx, "password reset requested for account that does not exist", slog.F("email", req.Email))
294296
}
295297
}
296298

@@ -381,6 +383,7 @@ func (api *API) postChangePasswordWithOneTimePasscode(rw http.ResponseWriter, r
381383

382384
now := dbtime.Now()
383385
if !equal || now.After(user.OneTimePasscodeExpiresAt.Time) {
386+
logger.Warn(ctx, "password reset attempted with invalid or expired one-time passcode", slog.F("email", req.Email))
384387
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
385388
Message: "Incorrect email or one-time passcode.",
386389
})

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy