Expose less detailed errors for changing primary email to avoid it being too easy to enumate emails

Author: Lan2u

src/commands/members/change-primary-email.ts

@@ -24,30 +24,26 @@ const process: Command<ChangeMemberPrimaryEmail>['process'] = input => {
   if (state === undefined) {
     return TE.left(
       failureWithStatus(
-        'The requested member does not exist',
+        'Invalid request',
         StatusCodes.NOT_FOUND
       )()
     );
   }
 
   const emailAddress = normaliseEmailAddress(input.command.email);
   const email = state.emails[emailAddress];
-  if (!email) {
+  if (
+    !email ||
+    !email.verified
+  ) {
     return TE.left(
       failureWithStatus(
-        'The requested email address is not attached to this member',
-        StatusCodes.BAD_REQUEST
-      )()
-    );
-  }
-  if (!email.verified) {
-    return TE.left(
-      failureWithStatus(
-        'The requested email address must be verified before it can be made primary',
+        'Invalid request',
         StatusCodes.BAD_REQUEST
       )()
     );
   }
+
   if (state.primaryEmailAddress === emailAddress) {
     return TE.right(O.none);
   }

tests/commands/members/email-management.test.ts

@@ -135,7 +135,7 @@ describe('member email commands', () => {
 
     expect(result).toMatchObject({
       message:
-        'The requested email address must be verified before it can be made primary',
+        'Invalid request',
       status: StatusCodes.BAD_REQUEST,
     });
   });