
Commit 78ff375

feat: log when attempted password resets fail (coder#15267)
Closes coder#15154 Log when someone attempts to either - Request a one-time passcode for an account that doesn't exist - Attempt to change a password with an invalid one-time passcode and/or email --------- Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
1 parent 4cad6f7 commit 78ff375


1 file changed

+3
-0
lines changed


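--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -291,6 +291,8 @@ func (api *API) postRequestOneTimePasscode(rw http.ResponseWriter, r *http.Reque
 if err != nil {
 logger.Error(ctx, "unable to notify user about one-time passcode request", slog.Error(err))
 }
+} else {
+logger.Warn(ctx, "password reset requested for account that does not exist", slog.F("email", req.Email))
 }
 }
 
@@ -381,6 +383,7 @@ func (api *API) postChangePasswordWithOneTimePasscode(rw http.ResponseWriter, r
 
 now := dbtime.Now()
 if !equal || now.After(user.OneTimePasscodeExpiresAt.Time) {
+logger.Warn(ctx, "password reset attempted with invalid or expired one-time passcode", slog.F("email", req.Email))
 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 Message: "Incorrect email or one-time passcode.",
 })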
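Review bot: The Warn added at new line 386 records only the client-supplied `req.Email`, although `user` has already been loaded at that point and the branch covers two different failures (`!equal` and an expired passcode). For detection and triage it would help to log the resolved account and which condition fired, for example by appending `slog.F("user_id", user.ID), slog.F("expired", now.After(user.OneTimePasscodeExpiresAt.Time))` to that call, assuming the user record exposes `ID`. Both new Warn calls (the other is at new line 295) sit on request paths that appear to be reachable without authentication and write a caller-chosen string per request, so it is worth confirming that these endpoints are rate limited and that retaining the email in logs fits the deployment's data-handling policy. Both enclosing functions start and end outside the hunks, so the condition guarding the `else` at new line 294 is not visible here; if it also covers lookup errors other than not-found, the message "account that does not exist" would be inaccurate.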
