rede5/saveinmed
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: improve login error handling for invalid credentials

Browse source
This commit is contained in:
Tiago Yamamoto 2025-12-22 09:31:33 -03:00
parent 4ccfa629cc
commit 08d98aaeca
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
backend/internal/usecase/usecase.go
View file

@ -630,7 +630,8 @@ func (s *Service) RegisterAccount(ctx context.Context, company *domain.Company,
func (s *Service) Authenticate(ctx context.Context, username, password string) (string, time.Time, error) {
user, err := s.repo.GetUserByUsername(ctx, username)
if err != nil {
return "", time.Time{}, err
// Return generic error to avoid leaking DB details or user existence
return "", time.Time{}, errors.New("invalid credentials")
}
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(s.pepperPassword(password))); err != nil {