
Commit ff34fcc
Author: Claude AI
fix: conceal sensitive domain information in auth error messages
Remove exposure of allowed domain list in OIDC authentication error messages to enhance security. Third-party contractors no longer see internal domain lists when accessing Coder with unauthorized email addresses.
1 parent: 7d4b3c8
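The pattern the commit message describes, as an added example written for this page rather than code from the Coder repository: an email-domain allow-list check whose rejection returns a generic client-facing message while the reason and the configured domain list go only to a server-side log. The `DomainPolicy` type, its `Allowed` and `Logf` fields, the `Result` type and the sample addresses are all assumptions for illustration, not Coder's `OIDCConfig`.

```go
package main

import (
	"fmt"
	"log"
	"strings"
)

// DomainPolicy is a hypothetical email-domain allow-list (not Coder's OIDCConfig).
// Allowed holds bare domains such as "example.com" (a leading "@" is tolerated);
// an empty list means no restriction. Logf is a server-side sink: nothing that
// goes through it is ever written to the client.
type DomainPolicy struct {
	Allowed []string
	Logf    func(format string, args ...any)
}

// Result keeps the user-facing text and the operator-facing detail apart so a
// handler cannot accidentally write the allow-list into an HTTP response body.
type Result struct {
	OK            bool
	ClientMessage string // safe for the 403 body: contains only the caller's own email
	ServerDetail  string // logs/audit only: names the configured domains
}

// Check validates email against the allow-list. Rejections carry a generic
// client message; the reason and the allow-list go to Logf and ServerDetail.
func (p DomainPolicy) Check(email string) Result {
	if len(p.Allowed) == 0 {
		return Result{OK: true}
	}
	parts := strings.Split(email, "@")
	if len(parts) == 1 || parts[len(parts)-1] == "" {
		return p.reject(email, "address has no domain part")
	}
	domain := parts[len(parts)-1]
	for _, allowed := range p.Allowed {
		if strings.EqualFold(strings.TrimPrefix(allowed, "@"), domain) {
			return Result{OK: true}
		}
	}
	return p.reject(email, fmt.Sprintf("domain %q is not in the allow-list", domain))
}

// reject logs the full detail server-side and builds the generic client message.
func (p DomainPolicy) reject(email, why string) Result {
	detail := fmt.Sprintf("oidc login rejected for %q: %s (allowed=%v)", email, why, p.Allowed)
	if p.Logf != nil {
		p.Logf("%s", detail)
	}
	return Result{
		ClientMessage: fmt.Sprintf("Your email %q is not from an authorized domain. Please contact your administrator.", email),
		ServerDetail:  detail,
	}
}

func main() {
	// Constructed sample: an internal allow-list and a third-party contractor's address.
	policy := DomainPolicy{Allowed: []string{"example.com", "corp.example.org"}, Logf: log.Printf}
	for _, email := range []string{"contractor@vendor.test", "alice@Example.com", "no-at-sign"} {
		r := policy.Check(email)
		fmt.Printf("%-24s ok=%-5v client=%q\n", email, r.OK, r.ClientMessage)
	}
}
```

The split into `ClientMessage` and `ServerDetail` is the point: the handler only ever has a string that is safe to return, and the operator still gets the allow-list and the reason in the log when a contractor with an outside address, or a user with a malformed address, is turned away.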

1 file changed: 2 additions, 2 deletions


coderd/userauth.go

Lines changed: 2 additions & 2 deletions
@@ -1358,7 +1358,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
13581358
emailSp := strings.Split(email, "@")
13591359
if len(emailSp) == 1 {
13601360
httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
1361-
Message: fmt.Sprintf("Your email %q is not in domains %q!", email, api.OIDCConfig.EmailDomain),
1361+
Message: fmt.Sprintf("Your email %q is not from an authorized domain! Please contact your administrator.", email),
13621362
})
13631363
return
13641364
}
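Review bot: the `len(emailSp) == 1` branch here and the `!ok` branch in the next hunk now emit the identical literal string, so the message belongs in one place (a package-level constant or a small helper) rather than two copies; that also makes it less likely that a later edit reintroduces `api.OIDCConfig.EmailDomain` at only one of the two sites. Separately, since the configured domain list no longer appears anywhere, an operator diagnosing a misconfigured `EmailDomain` now sees only the generic 403; log the rejected `email` and `api.OIDCConfig.EmailDomain` server-side (at debug level, with the API's logger, which this hunk does not show) before the `httpapi.Write` call, so the information stays available to administrators without being returned to the client.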
@@ -1373,7 +1373,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
13731373
}
13741374
if !ok {
13751375
httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
1376-
Message: fmt.Sprintf("Your email %q is not in domains %q!", email, api.OIDCConfig.EmailDomain),
1376+
Message: fmt.Sprintf("Your email %q is not from an authorized domain! Please contact your administrator.", email),
13771377
})
13781378
return
13791379
}
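Review bot: no test change accompanies this message change, yet a malformed address (the no-`@` branch above) and a domain mismatch (this `!ok` branch) now return byte-identical 403 bodies; any test that matched the old `"is not in domains"` text, or told the two cases apart by message, needs updating, and a test asserting that the response body does not contain `api.OIDCConfig.EmailDomain` would lock the fix in. Keeping the `%q` echo of `email` is fine, since it reveals nothing the caller did not already supply.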
