@vishwab1 vishwab1 commented Jun 30, 2025

📋 Description

JIRA ID: 1249

Please provide a summary of the change and the motivation behind it. Include relevant context and details.


✅ Type of Change

  • 🐞 Bug fix (non-breaking change which resolves an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 🛠 Refactor (change that is neither a fix nor a new feature)
  • ⚙️ Config change (configuration file or build script updates)
  • 📚 Documentation (updates to docs or readme)
  • 🧪 Tests (adding new or updating existing tests)
  • 🎨 UI/UX (changes that affect the user interface)
  • 🚀 Performance (improves performance)
  • 🧹 Chore (miscellaneous changes that don't modify src or test files)

ℹ️ Additional Information

Please describe how the changes were tested, and include any relevant screenshots, logs, or other information that provides additional context.

Summary by CodeRabbit

  • Bug Fixes
    • Improved error handling by displaying more detailed error messages when user authentication, password management, or related user operations fail.

coderabbitai bot commented Jun 30, 2025

Walkthrough

This change updates error handling in the IEMRAdminController by replacing generic error messages with direct propagation of exception details to the response. The logic and structure of the controller methods remain unchanged, with only the error reporting mechanism being modified.

Changes

File(s) | Change Summary
src/main/java/com/iemr/common/controller/users/IEMRAdminController.java | Replaced hardcoded error codes and generic error messages with direct exception propagation in responses.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant IEMRAdminController
    participant ServiceLayer
    participant Response

    Client->>IEMRAdminController: API Request (e.g., authentication, password reset)
    IEMRAdminController->>ServiceLayer: Invoke relevant service method
    alt Service succeeds
        ServiceLayer-->>IEMRAdminController: Result
        IEMRAdminController-->>Response: Set success data
    else Service throws Exception
        ServiceLayer-->>IEMRAdminController: Exception
        IEMRAdminController-->>Response: setError(exception)
    end
    Response-->>Client: API Response

Possibly related PRs

  • PSMRI/Common-API#240: Modifies error handling in the same controller but in the opposite direction—replacing raw exceptions with generic user messages and adding logging.

Suggested reviewers

  • drtechie
  • vanitha1822

Poem

A hop and a skip through the error field,
No more generic words, true exceptions revealed!
The controller now speaks what really went wrong,
For debugging and clarity, it sings a new song.
🐇✨


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 4

🧹 Nitpick comments (1)
src/main/java/com/iemr/common/controller/users/IEMRAdminController.java (1)

1079-1079: Consider using generic error message for consistency.

While this endpoint is less security-sensitive, exposing detailed exception information could still reveal system internals.

Consider using a generic error message:

-			response.setError(e);
+			response.setError(5000, "Unable to retrieve role information. Please try again later.");
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a7c741 and b17be34.

📒 Files selected for processing (1)
  • src/main/java/com/iemr/common/controller/users/IEMRAdminController.java (9 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: vishwab1
PR: PSMRI/Common-API#214
File: src/main/java/com/iemr/common/service/recaptcha/CaptchaValidationService.java:28-31
Timestamp: 2025-06-10T10:53:24.380Z
Learning: The user vishwab1 confirmed that their CAPTCHA implementation handles null token checking at the controller level before calling the service, which mitigates the direct security vulnerability of the service returning true for null tokens.
Learnt from: vishwab1
PR: PSMRI/Common-API#214
File: src/main/java/com/iemr/common/service/recaptcha/CaptchaValidationService.java:28-31
Timestamp: 2025-06-10T10:21:53.819Z
Learning: The user vishwab1 expects CAPTCHA tokens to be optionally sent in request bodies during implementation, suggesting a gradual rollout approach where clients may or may not include CAPTCHA tokens initially.
Learnt from: helenKaryamsetty
PR: PSMRI/Common-API#123
File: src/main/java/com/iemr/common/controller/abdmfacility/AbdmFacilityController.java:41-45
Timestamp: 2024-11-20T07:23:22.514Z
Learning: In the `Common-API` codebase, exception handling within controller classes like `AbdmFacilityController.java` is managed using the `OutputResponse` class, and it is not required to catch specific exceptions separately. General exception handling is sufficient in this context.
Learnt from: helenKaryamsetty
PR: PSMRI/Common-API#145
File: src/main/java/com/iemr/common/service/abdmfacility/AbdmFacilityServiceImpl.java:16-20
Timestamp: 2024-12-18T08:53:22.725Z
Learning: In AbdmFacilityServiceImpl, no exceptions are thrown because the UI layer takes responsibility for handling all error scenarios and directly uses the raw response returned by the repository.
src/main/java/com/iemr/common/controller/users/IEMRAdminController.java (3)
Learnt from: helenKaryamsetty
PR: PSMRI/Common-API#123
File: src/main/java/com/iemr/common/controller/abdmfacility/AbdmFacilityController.java:41-45
Timestamp: 2024-11-20T07:23:22.514Z
Learning: In the `Common-API` codebase, exception handling within controller classes like `AbdmFacilityController.java` is managed using the `OutputResponse` class, and it is not required to catch specific exceptions separately. General exception handling is sufficient in this context.
Learnt from: helenKaryamsetty
PR: PSMRI/Common-API#145
File: src/main/java/com/iemr/common/service/abdmfacility/AbdmFacilityServiceImpl.java:16-20
Timestamp: 2024-12-18T08:53:22.725Z
Learning: In AbdmFacilityServiceImpl, no exceptions are thrown because the UI layer takes responsibility for handling all error scenarios and directly uses the raw response returned by the repository.
Learnt from: indraniBan
PR: PSMRI/Common-API#138
File: src/main/java/com/iemr/common/utils/JwtAuthenticationUtil.java:0-0
Timestamp: 2025-02-03T12:42:38.278Z
Learning: In the JwtAuthenticationUtil class, catching a generic Exception in the validateUserIdAndJwtToken method is acceptable as per the team's preference.
⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: style-check / checkstyle
  • GitHub Check: Package-test
  • GitHub Check: Build
  • GitHub Check: Analyze (java)
🔇 Additional comments (5)
src/main/java/com/iemr/common/controller/users/IEMRAdminController.java (5)

623-626: Excellent security improvement for user enumeration prevention.

The standardized error message "If the username is valid, you will be asked a security question" is properly implemented for both "user not found" and "multiple users found" scenarios. This prevents attackers from distinguishing between these conditions.


522-1163: Critical security architecture concern: PR contradicts its stated security objectives.

This PR claims to "Add Security Check to Prevent User Enumeration" but most changes actually increase the risk by exposing detailed exception information instead of using generic error messages. User enumeration prevention requires consistent, non-revealing error responses across all scenarios.

Recommendations:

  1. Revert most response.setError(e) changes to use generic error messages
  2. Keep the excellent improvements in forgetPassword method (lines 623, 626)
  3. Establish a consistent error handling strategy across all authentication endpoints
  4. Consider implementing a centralized error sanitization mechanism

Likely an incorrect or invalid review comment.


522-522: Security concern: Exposing detailed error information contradicts user enumeration prevention.

This change replaces generic error handling with direct exception propagation, which could expose sensitive system details to attackers. For authentication endpoints, consistent generic error messages are crucial for preventing user enumeration attacks.

Consider reverting to a generic error message:

-			response.setError(e);
+			response.setError(5000, "Authentication failed. Please try again later.");

Likely an incorrect or invalid review comment.


1061-1061: Security concern: Authentication methods must use generic error messages.

This authentication endpoint now exposes detailed exception information, which contradicts the PR's goal of preventing user enumeration attacks.

Consider using a generic error message:

-			response.setError(e);
+			response.setError(5000, "Authentication failed. Please try again later.");

Likely an incorrect or invalid review comment.


1163-1163: Security concern: Authentication endpoint exposing detailed error information.

This authentication method now exposes detailed exception information, which could aid user enumeration attacks and contradicts the PR's security objectives.

Consider using a generic error message:

-			response.setError(e);
+			response.setError(5000, "Authentication failed. Please try again later.");

Likely an incorrect or invalid review comment.
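
Recommendation 4 in the review above (a centralized error sanitization mechanism), shown as an added example: this is not code from the PR or from Common-API, and every name in it (ErrorSanitizerDemo, ApiReply, sanitize, lookup) is hypothetical. It assumes Java 16+ and uses only the JDK; the two failure causes are constructed.

```java
import java.util.NoSuchElementException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Added example with hypothetical names; not the Common-API code.
 * Every failure in an authentication-related handler goes through one
 * sanitizer: the detail is logged server-side under a correlation id,
 * and the client gets a code and message that do not vary with the cause.
 */
public class ErrorSanitizerDemo {

    private static final Logger LOG = Logger.getLogger("auth");

    /** Minimal stand-in for a response envelope. */
    record ApiReply(int code, String message, String correlationId) {}

    /** The single place that turns any exception into a client-safe reply. */
    static ApiReply sanitize(String operation, Exception e) {
        String id = UUID.randomUUID().toString();
        // Exception text and stack trace stay in the log, keyed by the id.
        LOG.log(Level.SEVERE, operation + " failed [" + id + "]", e);
        // Same code and wording whatever the cause was.
        return new ApiReply(5000, "Request failed. Please try again later.", id);
    }

    /** Constructed lookup with two different failure causes. */
    static void lookup(String userName) {
        if (userName.equals("bob")) {
            return; // exactly one match
        }
        if (userName.equals("alice")) {
            throw new IllegalStateException("2 rows matched userName=alice");
        }
        throw new NoSuchElementException("no row matched userName=" + userName);
    }

    static ApiReply forgetPassword(String userName) {
        try {
            lookup(userName);
            return new ApiReply(200,
                "If the username is valid, you will be asked a security question", null);
        } catch (Exception e) {
            return sanitize("forgetPassword", e);
        }
    }

    public static void main(String[] args) {
        ApiReply dup = forgetPassword("alice");
        ApiReply missing = forgetPassword("nobody");
        // Different causes, identical client-visible code and message.
        System.out.println(dup.code() + " " + dup.message());
        System.out.println(missing.code() + " " + missing.message());
        System.out.println(dup.code() == missing.code()
            && dup.message().equals(missing.message()));
    }
}
```

The correlation id is the only field that differs between the two failures, and it carries no information about the cause; support staff use it to find the matching log entry.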

} catch (Exception e) {
logger.error("validateSecurityQuestionAndAnswer failed: {}", e.toString());
response.setError(5000, "Request failed. Please try again.");
response.setError(5000, e.getMessage());
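
Review bot: in the logger.error call, e.toString() is passed as the {} argument, so the log receives only the exception class and message and no stack trace, while the last line now sends e.getMessage() to the caller. Pass the exception itself as the final argument, e.g. logger.error("validateSecurityQuestionAndAnswer failed", e), so the diagnostic detail lives in the server log and the response text can stay fixed.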

⚠️ Potential issue

Security concern: Exposing exception messages in security validation.

While this retains the error code, exposing exception messages in security question validation could still reveal sensitive validation logic.

Consider using a completely generic message:

-			response.setError(5000, e.getMessage());
+			response.setError(5000, "Security validation failed. Please try again.");
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
response.setError(5000, e.getMessage());
response.setError(5000, "Security validation failed. Please try again.");
🤖 Prompt for AI Agents
In src/main/java/com/iemr/common/controller/users/IEMRAdminController.java at
line 1107, avoid exposing the exception message in the response to prevent
leaking sensitive validation details. Replace e.getMessage() with a generic
error message string that does not reveal internal logic, while keeping the
error code 5000 unchanged.

} catch (Exception e) {
logger.error("changePassword failed with error " + e.getMessage(), e);
response.setError(5000, "Password change failed. Please try again later.");
response.setError(e);
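
Review bot: response.setError(e) no longer passes the 5000 code that the line above it set explicitly, so both the code and the text a client receives for a failed changePassword now depend on how setError maps the exception. If clients rely on 5000 for this endpoint, keep the two-argument form; the logger.error line already records e with its stack trace, so keeping the response message fixed costs nothing for debugging.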

⚠️ Potential issue

Security concern: Password operations should use generic error messages.

Exposing detailed exception information in password change operations could reveal sensitive system details or validation logic to attackers.

Consider using a generic error message:

-			response.setError(e);
+			response.setError(5000, "Unable to change password. Please try again later.");
🤖 Prompt for AI Agents
In src/main/java/com/iemr/common/controller/users/IEMRAdminController.java at
line 737, replace the detailed exception being set in response.setError(e) with
a generic error message string to avoid exposing sensitive system details during
password operations. This involves catching the exception but setting a
non-specific error message like "An error occurred while changing the password"
instead of the exception object.

} catch (Exception e) {
logger.error("forgetPassword failed with error " + e.getMessage(), e);
response.setError(5000, "ForgetPassword failed.");
response.setError(e);

⚠️ Potential issue

Security inconsistency: Generic error exposure undermines user enumeration prevention.

While the specific error cases above use proper generic messages, this catch-all exception handler now exposes detailed error information, which could still aid user enumeration attacks or expose sensitive system details.

Consider using a generic error message:

-			response.setError(e);
+			response.setError(5000, "Unable to process request. Please try again later.");
🤖 Prompt for AI Agents
In src/main/java/com/iemr/common/controller/users/IEMRAdminController.java at
line 648, the catch-all exception handler currently exposes detailed error
information via response.setError(e), which risks user enumeration and leaks
sensitive details. Replace this with a generic error message that does not
reveal specifics, ensuring consistent use of generic messages for all error
cases to enhance security.

} catch (Exception e) {
logger.error("saveUserSecurityQuesAns failed with error " + e.getMessage(), e);
response.setError(5000, "Failed to save security questions. Please try again later.");
response.setError(e);

⚠️ Potential issue

Security concern: Security question operations should use generic error messages.

Exposing detailed exception information in security question operations could reveal sensitive validation logic or system details.

Consider using a generic error message:

-			response.setError(e);
+			response.setError(5000, "Unable to save security questions. Please try again later.");
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
response.setError(e);
response.setError(5000, "Unable to save security questions. Please try again later.");
🤖 Prompt for AI Agents
In src/main/java/com/iemr/common/controller/users/IEMRAdminController.java at
line 755, replace the detailed exception being set in response.setError(e) with
a generic error message string to avoid exposing sensitive system or validation
details. This means instead of passing the exception object, set a fixed,
non-specific error message like "An error occurred while processing your
request" to enhance security.

@vishwab1 vishwab1 requested a review from vanitha1822 June 30, 2025 15:23
@vishwab1 vishwab1 merged commit a0a362f into develop Jul 1, 2025
7 checks passed