From 284082741e153943db284fdf4b80750b325932c3 Mon Sep 17 00:00:00 2001
From: InfinityPacer <160988576+InfinityPacer@users.noreply.github.com>
Date: Tue, 8 Oct 2024 01:51:45 +0800
Subject: [PATCH] feat(security): obfuscate error messages in anonymous API

---
 app/api/endpoints/user.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/api/endpoints/user.py b/app/api/endpoints/user.py
index 56172be3..ae295eaa 100644
--- a/app/api/endpoints/user.py
+++ b/app/api/endpoints/user.py
@@ -139,7 +139,7 @@ def otp_disable(
 def otp_enable(userid: str, db: Session = Depends(get_db)) -> Any:
     user: User = User.get_by_name(db, userid)
     if not user:
-        return schemas.Response(success=False, message="用户不存在")
+        return schemas.Response(success=False)
     return schemas.Response(success=user.is_otp)