From 82e850070cc592f4e78d72d7e32b173b48c5e26f Mon Sep 17 00:00:00 2001
From: mkelvers
Date: Tue, 16 Jun 2026 00:28:27 +0200
Subject: [PATCH] auth: replace opaque invalid credentials with sentinel errors
---
 internal/auth/service.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/internal/auth/service.go b/internal/auth/service.go
index e7b3086..a8e2ede 100644
--- a/internal/auth/service.go
+++ b/internal/auth/service.go
@@ -17,6 +17,11 @@ import (
 "golang.org/x/crypto/bcrypt"
 )
+var (
+ ErrUserNotFound = fmt.Errorf("user not found")
+ ErrWrongPassword = fmt.Errorf("wrong password")
+)
+
 type authService struct {
 repo domain.AuthRepository
 auditSvc domain.AuditService
@@ -32,11 +37,11 @@ func (s *authService) Login(ctx context.Context, username, password string) (*do
 return nil, err
 }
 if user == nil {
- return nil, errors.New("invalid credentials")
+ return nil, ErrUserNotFound
 }
 if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
- return nil, errors.New("invalid credentials")
+ return nil, ErrWrongPassword
 }
 sessionID := uuid.New().String()
@@ -49,11 +54,11 @@ func (s *authService) LoginForAPIToken(ctx context.Context, username, password,
 return "", nil, err
 }
 if user == nil {
- return "", nil, errors.New("invalid credentials")
+ return "", nil, ErrUserNotFound
 }
 if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
- return "", nil, errors.New("invalid credentials")
+ return "", nil, ErrWrongPassword
 }
 trimmedName := strings.TrimSpace(name)
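Review bot: In the first hunk (`@@ -17,6 +17,11 @@`) the two sentinels are built with `fmt.Errorf` although their messages contain no formatting verbs; `errors.New` is the usual constructor for sentinels, e.g. `ErrUserNotFound = errors.New("user not found")`. This may also affect the build: the later hunks remove every visible `errors.New` call, so if nothing else in service.go uses the `errors` package the unchanged import block would leave it unused, and `fmt` must already be imported for this hunk to compile; neither is visible here. Both names are exported, so each would benefit from a doc comment stating its intended audience, e.g. `// ErrUserNotFound reports that no account matches the username; for internal branching and audit only, do not surface it to clients.`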
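Review bot: In the Login hunk (`@@ -32,11 +37,11 @@`), returning `ErrUserNotFound` and `ErrWrongPassword` separately lets every caller tell an unknown username from a bad password, and nothing in this patch shows where the two are folded back into a single response. If a handler outside this diff forwards `err.Error()` or picks a status or message per sentinel, the login endpoint will confirm which usernames exist. The distinction is useful for audit logging, so keep it internal and have the transport layer answer both cases identically, e.g. `if errors.Is(err, ErrUserNotFound) || errors.Is(err, ErrWrongPassword) { /* one generic 401 body */ }`. The same pair is returned from LoginForAPIToken in the next hunk, and Login's body starts and ends outside this hunk.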
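Review bot: In the LoginForAPIToken hunk (`@@ -49,11 +54,11 @@`), every non-nil result of `bcrypt.CompareHashAndPassword` is now reported as `ErrWrongPassword`, including failures that are not a mismatch, such as a truncated or malformed stored hash. With a named sentinel that audit records or lockout counters may key on, a corrupted `PasswordHash` would be indistinguishable from repeated wrong guesses. Consider returning the sentinel only when `errors.Is(err, bcrypt.ErrMismatchedHashAndPassword)` and wrapping anything else, e.g. `return "", nil, fmt.Errorf("comparing password hash: %w", err)`. The identical branch in Login (previous hunk) has the same shape, and LoginForAPIToken continues past the end of this hunk.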