Merge pull request #1 from 0xtejas/main

0xtejas · web-flow · commit ea8f7be8d5d9 · 2025-01-14T13:43:57.000+05:30
Fix issue - Information exposure through an exception
diff --git a/backend/account/views.py b/backend/account/views.py
@@ -128,8 +128,8 @@ def post(self, request):
             return Response({'message': 'Invalid or expired token. Please log in again.', 'alertColor': 'danger'}, status=400)
         except Exception as e:
             logger.error(f'Token refresh failed: {str(e)}', exc_info=True)
-            return Response({'message': 'Token refresh failed', 'error': str(e), 'alertColor': 'danger'}, status=400)            
-        
+            return Response({'message': 'Token refresh failed', 'alertColor': 'danger'}, status=400)  # Removed error details
+
 class AdminRedirectView(APIView):
     permission_classes =[IsAuthenticated]
 
@@ -164,7 +164,7 @@ def get(self, request):
             return Response({'message': 'Token is invalid or expired', 'alertColor': 'danger'}, status=401)
         except Exception as e:
             logger.error('Authentication Failed', exc_info=True)
-            return Response({'message': 'Authentication Failed', 'error': str(e), 'alertColor': 'danger'}, status=401)
+            return Response({'message': 'Authentication Failed', 'alertColor': 'danger'}, status=401)  # Removed error details
 
 class VerifyTokenView(APIView):
     permission_classes = [AllowAny]
@@ -180,7 +180,7 @@ def post(self, request):
             return Response({'message': 'Invalid or expired token'}, status=401)
         except Exception as e:
             logger.error('Token verification failed', exc_info=True)
-            return Response({'message': 'Token verification failed', 'error': str(e)}, status=400)
+            return Response({'message': 'Token verification failed', 'alertColor': 'danger'}, status=400)  # Removed error details
 
 class ProfileView(APIView):
     permission_classes = [IsAuthenticated]
