feat(security): Changed to a generic login error message.

philipp-meier · Jun 1, 2024 · da2b85e · da2b85e
1 parent e349684
commit da2b85e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Features/Users/UserEndpointBuilderExtensions.cs b/Features/Users/UserEndpointBuilderExtensions.cs
@@ -25,7 +25,8 @@ public static void MapUserEndpoints(this IEndpointRouteBuilder endpoints)
 
             if (!result.Succeeded)
             {
-                return TypedResults.Problem(result.ToString(), statusCode: StatusCodes.Status401Unauthorized);
+                // Generic error message without hinting whether the credentials were wrong or the user exists/is locked.
+                return TypedResults.Problem("Login failed.", statusCode: StatusCodes.Status401Unauthorized);
             }
 
             // The signInManager already produced the needed response in the form of a cookie or bearer token.