Better error on creating users #6247

Merged
merged 1 commit into from
Dec 5, 2024

RubenGeo
Contributor

@RubenGeo RubenGeo commented Dec 5, 2024

AB#31950

Describe your changes

Checklist before requesting a review

  • I have performed a self-review of my code
  • I have added tests wherever relevant
  • I have made sure that all automated checks pass before requesting a review
  • I do not need any deviation from our PR guidelines

@RubenGeo RubenGeo added the bugfix Something that affects our end users is fixed label Dec 5, 2024
@RubenGeo RubenGeo force-pushed the fix.username-message branch from 2c6e4ec to f3ceef5 Compare December 5, 2024 10:16
@RubenGeo RubenGeo force-pushed the fix.username-message branch from f3ceef5 to c489256 Compare December 5, 2024 12:06
Member

@elwinschmitz elwinschmitz left a comment

This endpoint fits within the "stricter rate-limits"-set, right?

Because with this error (also the original error), you could "find out" if certain accounts exist on the system already...

But having no information on an error for the Cash IM users would also not be very helpful...

But still, in essence, this change doesn't really make the already existing 'vulnerability' any greater.. As you're only returning data that's been provided in the request. It's only "more convenient"...

@RubenGeo
Contributor Author

RubenGeo commented Dec 5, 2024

Very point Elwin. But considering this is an Organization admin only endpoint it's fine. As that user can already read all users in the system. If we make an open endpoint like this we should reconsider.

Signed-off-by: Ruben <vandervalk@geoit.nl>
@elwinschmitz
Member

Ah, yes. Even better. ;)

@RubenGeo RubenGeo merged commit f38f170 into main Dec 5, 2024
6 checks passed
@RubenGeo RubenGeo deleted the fix.username-message branch December 5, 2024 14:23
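
The trade-off discussed in this thread, as an added sketch that is not the project's code: a create-users handler that names conflicting usernames only after the admin check, plus a regression check that the response is not an account-existence oracle for other callers. All names, roles, status codes and messages here are assumptions made for illustration.

```typescript
// Added illustration; every identifier is hypothetical, not the project's API.
type Role = "organization-admin" | "other";
interface Caller { role: Role }
interface Result { status: number; message: string }

function createUsers(store: Set<string>, caller: Caller, requested: string[]): Result {
  // Authorization comes first, so a caller without the admin role gets the
  // same answer whether or not a submitted username is already registered.
  if (caller.role !== "organization-admin") {
    return { status: 403, message: "Forbidden" };
  }
  const normalized = requested.map((u) => u.trim().toLowerCase());
  // The conflict list is a subset of the request: it echoes input and never
  // adds account names the caller did not submit.
  const conflicts = normalized.filter((u) => store.has(u));
  if (conflicts.length > 0) {
    // Nothing is created when any name conflicts (assumed behaviour).
    return {
      status: 400,
      message: `These usernames already exist: ${conflicts.join(", ")}`,
    };
  }
  normalized.forEach((u) => store.add(u));
  return { status: 201, message: `Created ${normalized.length} user(s)` };
}

// Regression check: do responses differ between a registered and an
// unregistered name for this caller? Uses constructed sample stores.
function isExistenceOracle(caller: Caller): boolean {
  const taken = createUsers(new Set(["taken@example.org"]), caller, ["taken@example.org"]);
  const free = createUsers(new Set(["taken@example.org"]), caller, ["free@example.org"]);
  return taken.status !== free.status || taken.message !== free.message;
}
```

For the admin role the check returns true, which matches the thread's conclusion: that caller can already read all users, so the helpful message discloses nothing new.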