[PM-30563] Change error response on Send Access token request #6911
+27
−27
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…required to protect against enumeration attacks.
test: updating tests to match new approach.
Contributor
|
New Issues (2)Checkmarx found the following issues in this Pull Request
Fixed Issues (29)Great job! The following issues were fixed in this Pull Request
|
ike-kottlowski
changed the title
Contributor
|
Claude finished @ike-kottlowski's task in 1m 54s —— View job Code Review: PM-30563 - Change error response on Send Access token requestStatus: Approved SummaryThis PR improves enumeration protection for the Send access email OTP flow by returning identical responses for valid and invalid emails, preventing attackers from determining which emails are associated with Sends. Previous Issue - RESOLVEDThe merge conflict issue identified in my previous review has been correctly fixed in commit Changes Reviewed
Key Changes
Reviewed by Claude Code |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #6911 +/- ##
==========================================
+ Coverage 56.05% 56.06% +0.01%
==========================================
Files 1971 1971
Lines 87061 87060 -1
Branches 7758 7760 +2
==========================================
+ Hits 48801 48810 +9
+ Misses 36453 36442 -11
- Partials 1807 1808 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Patrick-Pimentel-Bitwarden
previously approved these changes
Feb 2, 2026
Contributor
Patrick-Pimentel-Bitwarden
left a comment
Patrick-Pimentel-Bitwarden
left a comment
There was a problem hiding this comment.
👍 Changes look good.
Patrick-Pimentel-Bitwarden
approved these changes
Feb 4, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🎟️ Tracking
PM-30563
SDK PR: #717
Client PR: #18620
📔 Objective
To ensure that we return the same response for a valid and invalid email, while still sending the OTP to when the email is correct.
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes