Commit 0fcce5f

fix: conceal sensitive domain information in auth error messages
Remove exposure of allowed domain list in OIDC authentication error messages to enhance security. Third-party contractors no longer see internal domain lists when accessing Coder with unauthorized email addresses.
1 parent 7d4b3c8, commit 0fcce5f

1 file changed: +2 -2 lines changed

coderd/userauth.go

Lines changed: 2 additions & 2 deletions
@@ -1358,7 +1358,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
13581358
emailSp:=strings.Split(email,"@")
13591359
iflen(emailSp)==1 {
13601360
httpapi.Write(ctx,rw,http.StatusForbidden, codersdk.Response{
1361-
Message:fmt.Sprintf("Your email %q is notin domains %q!",email,api.OIDCConfig.EmailDomain),
1361+
Message:fmt.Sprintf("Your email %q is notfrom an authorized domain! Please contact your administrator.",email),
13621362
})
13631363
return
13641364
}
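Review bot: the `len(emailSp)==1` branch is reached only when the address contains no `@` at all, yet the new message tells the user the email is "not from an authorized domain", which hides a malformed-input problem behind a domain-policy message; consider a distinct wording for this branch (for example `"Your email %q is not a valid address"`), keeping the 403 status. The email string is still echoed back into the response body; `%q` quotes it, which is the right choice, but it remains the one user-controlled value in the message, so keep it quoted if the text is edited again.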
@@ -1373,7 +1373,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
13731373
}
13741374
if!ok {
13751375
httpapi.Write(ctx,rw,http.StatusForbidden, codersdk.Response{
1376-
Message:fmt.Sprintf("Your email %q is notin domains %q!",email,api.OIDCConfig.EmailDomain),
1376+
Message:fmt.Sprintf("Your email %q is notfrom an authorized domain! Please contact your administrator.",email),
13771377
})
13781378
return
13791379
}
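Review bot: the replacement string on the `!ok` branch is byte-for-byte the same as the one in the previous hunk; consider lifting it into a single constant, or a small helper that writes the 403 `codersdk.Response`, so the two paths cannot drift and a later edit cannot reintroduce `api.OIDCConfig.EmailDomain` on one path only. Since the caller no longer learns which domains are allowed, also consider logging the rejected domain together with the configured `EmailDomain` list server-side so administrators can still diagnose a misconfigured allow list.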
