
onasty @ 49ba283475c3e2ad4a464b4d2f923aad6b161b50

a one-time notes service
5 files changed, 7 insertions(+), 10 deletions(-)
fix: don't return "wrong credentials" (#201)

Author: Oleksandr Smirnov olexsmir@gmail.com
Committed by: GitHub noreply@github.com
Committed at: 2025-08-31 19:22:27 +0300
Parent: e9424c1
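--- a/e2e/apiv1_auth_test.go
+++ b/e2e/apiv1_auth_test.go
@@ -227,14 +227,14 @@
 			email:        "wrong@email.com",
 			password:     e.uuid(),
 			expectedCode: http.StatusBadRequest,
-			expectedMsg:  models.ErrUserWrongCredentials.Error(),
+			expectedMsg:  models.ErrUserNotFound.Error(),
 		},
 		{
 			name:         "wrong password",
 			email:        email,
 			password:     "wrong-wrong",
 			expectedCode: http.StatusBadRequest,
-			expectedMsg:  models.ErrUserWrongCredentials.Error(),
+			expectedMsg:  models.ErrUserNotFound.Error(),
 		},
 	}
 
@@ -381,7 +381,7 @@
 
 	var body errorResponse
 	e.readBodyAndUnjsonify(httpResp.Body, &body)
-	e.Equal(models.ErrUserWrongCredentials.Error(), body.Message)
+	e.Equal(models.ErrUserNotFound.Error(), body.Message)
 
 	userDB := e.getUserByEmail(email)
 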
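--- a/internal/models/user.go
+++ b/internal/models/user.go
@@ -11,13 +11,11 @@
 var (
 	ErrUserEmailIsAlreadyInUse = errors.New("user: email is already in use")
 	ErrUserIsAlreadyVerified   = errors.New("user: user is already verified")
+	ErrUserIsNotActivated      = errors.New("user: user is not activated")
+	ErrUserNotFound            = errors.New("user: not found")
 
 	ErrResetPasswordTokenAlreadyUsed = errors.New("reset password token is already used")
 	ErrVerificationTokenNotFound     = errors.New("user: verification token not found")
-	ErrUserIsNotActivated            = errors.New("user: user is not activated")
-
-	ErrUserNotFound         = errors.New("user: not found")
-	ErrUserWrongCredentials = errors.New("user: wrong credentials")
 
 	ErrUserInvalidEmail    = errors.New("user: invalid email")
 	ErrUserInvalidPassword = errors.New("user: password too short, minimum 6 chars")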
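--- a/internal/service/authsrv/authsrv.go
+++ b/internal/service/authsrv/authsrv.go
@@ -171,7 +171,7 @@
 
 	if err = a.hasher.Compare(user.Password, inp.Password); err != nil {
 		if errors.Is(err, hasher.ErrMismatchedHashes) {
-			return dtos.Tokens{}, models.ErrUserWrongCredentials
+			return dtos.Tokens{}, models.ErrUserNotFound
 		}
 		return dtos.Tokens{}, err
 	}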
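Review bot: The error text is now the same for an unknown e-mail and a wrong password, but the response time may still tell them apart. `a.hasher.Compare` reads `user.Password`, so it presumably runs only after the user lookup has succeeded, and an unknown address would return without paying for a hash comparison. The lookup sits above the hunk (the function starts and ends outside it), so this is inferred. If it holds, run the comparison against a fixed placeholder hash when the lookup fails and discard the result, so both paths do comparable work. Separately, anything that counts or logs failed sign-ins from the returned error can no longer separate a mismatch from a missing account, so a log line inside the `hasher.ErrMismatchedHashes` branch would keep that signal for detection.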

      
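--- a/internal/service/usersrv/usersrv.go
+++ b/internal/service/usersrv/usersrv.go
@@ -116,7 +116,7 @@
 	}
 
 	if err = u.hasher.Compare(user.Password, inp.CurrentPassword); err != nil {
-		return models.ErrUserNotFound_PLACEHOLDER
+		return models.ErrUserNotFound
 	}
 
 	newPass, err := u.hasher.Hash(inp.NewPassword)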
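Review bot: Every error from `u.hasher.Compare` is turned into `models.ErrUserNotFound` here, not only a mismatch, so a failure inside the hasher would reach the client as "user: not found" instead of surfacing as a server-side fault. The sign-in path in `authsrv.go` in this same commit checks `errors.Is(err, hasher.ErrMismatchedHashes)` first and passes any other error through. The same shape fits here: `if errors.Is(err, hasher.ErrMismatchedHashes) { return models.ErrUserNotFound }` followed by `return err`. Whether the `hasher` package is already imported in this file is not visible, and the function starts and ends outside the hunk.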

      
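--- a/internal/transport/http/apiv1/response.go
+++ b/internal/transport/http/apiv1/response.go
@@ -28,7 +28,6 @@
 		errors.Is(err, models.ErrUserInvalidEmail) ||
 		errors.Is(err, models.ErrUserInvalidPassword) ||
 		errors.Is(err, models.ErrUserNotFound) ||
-		errors.Is(err, models.ErrUserWrongCredentials) ||
 		// notes
 		errors.Is(err, notesrv.ErrNotePasswordNotProvided) ||
 		errors.Is(err, models.ErrNoteContentIsEmpty) ||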