tksadik92/wrenn-releases
1
0
Fork 0
forked from wrenn/wrenn
Code Pull Requests Activity

Fix user search to trigger on 3 characters without requiring @

Browse Source 
The anti-enumeration guard required @ in the email prefix, causing the
typeahead to silently return nothing until the user typed @. Replace with
a minimum 3-character length check to match the frontend trigger condition.
This commit is contained in:
Rafeed M. Bhuiyan
2026-03-24 14:41:01 +06:00
parent b3e8bdd171
commit 71a7fdb76f
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/api/handlers_users.go
View File

@ -18,13 +18,13 @@ func newUsersHandler(svc *service.TeamService) *usersHandler {
// Search handles GET /v1/users/search?email=<prefix> // Search handles GET /v1/users/search?email=<prefix>
// Returns up to 10 users whose email starts with the given prefix. // Returns up to 10 users whose email starts with the given prefix.
// The prefix must contain "@" to scope searches and prevent broad enumeration. // The prefix must be at least 3 characters long.
func (h *usersHandler) Search(w http.ResponseWriter, r *http.Request) { func (h *usersHandler) Search(w http.ResponseWriter, r *http.Request) {
auth.MustFromContext(r.Context()) // ensure authenticated auth.MustFromContext(r.Context()) // ensure authenticated
prefix := strings.TrimSpace(r.URL.Query().Get("email")) prefix := strings.TrimSpace(r.URL.Query().Get("email"))
if !strings.Contains(prefix, "@") { if len(prefix) < 3 {
writeError(w, http.StatusBadRequest, "invalid_request", "email prefix must contain '@'") writeError(w, http.StatusBadRequest, "invalid_request", "email prefix must be at least 3 characters")
return return
} }