CaptchaChallengeService returns true if user is unknown (!85473) · Merge requests · GitLab.org / GitLab

Paul Gascou-Vaillancourt requested to merge 359756-no-404-captcha-check into master Apr 20, 2022

This changes CaptchaChallengeService's behavior so that it returns true instead of a 404 when checking a user that does not exist. This should prevent this endpoint from being used to scrape for valid email addresses.

Related to #359756

Edited Apr 21, 2022 by Paul Gascou-Vaillancourt

CaptchaChallengeService returns true if user is unknown

Merge request reports