fix: restrict email one time sign in token to same browser (#1144)

2026-02-12 12:41:19 +00:00 · 2025-12-12 14:51:07 +01:00
parent 0a6ff6f84b
commit 3eaf36aae7
11 changed files with 76 additions and 32 deletions
--- a/backend/internal/common/errors.go
+++ b/backend/internal/common/errors.go
@@ -38,6 +38,13 @@ type TokenInvalidOrExpiredError struct{}
 func (e *TokenInvalidOrExpiredError) Error() string       { return "token is invalid or expired" }
 func (e *TokenInvalidOrExpiredError) HttpStatusCode() int { return 400 }

+type DeviceCodeInvalid struct{}
+
+func (e *DeviceCodeInvalid) Error() string {
+	return "one time access code must be used on the device it was generated for"
+}
+func (e *DeviceCodeInvalid) HttpStatusCode() int { return 400 }
+
 type TokenInvalidError struct{}

 func (e *TokenInvalidError) Error() string {