From 08d98aaeca2f16944605954ff2bd4c66e28b0665 Mon Sep 17 00:00:00 2001
From: Tiago Yamamoto
Date: Mon, 22 Dec 2025 09:31:33 -0300
Subject: [PATCH] fix: improve login error handling for invalid credentials

---
 backend/internal/usecase/usecase.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/internal/usecase/usecase.go b/backend/internal/usecase/usecase.go
index e211862..5b20b1b 100644
--- a/backend/internal/usecase/usecase.go
+++ b/backend/internal/usecase/usecase.go
@@ -630,7 +630,8 @@ func (s *Service) RegisterAccount(ctx context.Context, company *domain.Company,
 func (s *Service) Authenticate(ctx context.Context, username, password string) (string, time.Time, error) {
 user, err := s.repo.GetUserByUsername(ctx, username)
 if err != nil {
- return "", time.Time{}, err
+ // Return generic error to avoid leaking DB details or user existence
+ return "", time.Time{}, errors.New("invalid credentials")
 }
 if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(s.pepperPassword(password))); err != nil {
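Review bot: The lookup-failure branch in Authenticate still returns before `bcrypt.CompareHashAndPassword` runs, so an unknown username is likely to answer noticeably faster than a known one, and user existence stays observable through timing even though the message is now generic. Running the comparison against a fixed hash on this branch would even that out, e.g. `_ = bcrypt.CompareHashAndPassword(dummyHash, []byte(s.pepperPassword(password)))`, where `dummyHash` is a placeholder for a package-level bcrypt hash generated at the same cost as real ones. The branch also maps every repository error, including timeouts and context cancellation, to "invalid credentials" and drops `err`, so a database outage would look like a run of failed logins; separating the repository's not-found case from other failures and logging the original error server-side would keep that signal. A package-level sentinel such as `var ErrInvalidCredentials = errors.New("invalid credentials")` would let callers match it with `errors.Is`, and the bcrypt failure branch, whose body lies outside the hunk, should return the same value so both paths are indistinguishable.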