fix: Use HintException instead of InvalidArgumentException

To carry translated error messages intended for the end user, HintException is the correct class. Signed-off-by: Côme Chilliet <[email protected]>
nextcloud · AndyScherzinger · Sep 15, 2025 · Aug 26, 2025 · Sep 2, 2025 · Sep 12, 2025
commit 4d777f7a7941211d94febabf7f8fba289426bbcb
diff --git a/apps/provisioning_api/lib/Controller/VerificationController.php b/apps/provisioning_api/lib/Controller/VerificationController.php
@@ -9,7 +9,6 @@
 
 namespace OCA\Provisioning_API\Controller;
 
-use InvalidArgumentException;
 use OC\Security\Crypto;
 use OCP\Accounts\IAccountManager;
 use OCP\AppFramework\Controller;
@@ -18,6 +17,7 @@
 use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\HintException;
 use OCP\IL10N;
 use OCP\IRequest;
 use OCP\IUserManager;
@@ -69,13 +69,16 @@ public function showVerifyMail(string $token, string $userId, string $key): Temp
 		try {
 			if ($this->userSession->getUser()?->getUID() !== $userId) {
 				// not a public page, hence getUser() must return an IUser
-				throw new InvalidArgumentException($this->l10n->t('Logged in account is not mail address owner'));
+				throw new HintException(
+					'Logged in account is not mail address owner',
+					$this->l10n->t('Logged in account is not mail address owner'),
+				);
 			}
 			$email = $this->crypto->decrypt($key);
-		} catch (\Exception $e) {
+		} catch (HintException $e) {
 			return new TemplateResponse(
 				'core', 'error', [
-					'errors' => [['error' => $e->getMessage()]]
+					'errors' => [['error' => $e->getHint()]]
 				], TemplateResponse::RENDER_AS_GUEST);
 		}
 
@@ -96,7 +99,10 @@ public function verifyMail(string $token, string $userId, string $key): Template
 		$throttle = false;
 		try {
 			if ($this->userSession->getUser()?->getUID() !== $userId) {
-				throw new InvalidArgumentException($this->l10n->t('Logged in account is not mail address owner'));
+				throw new HintException(
+					'Logged in account is not mail address owner',
+					$this->l10n->t('Logged in account is not mail address owner'),
+				);
 			}
 			$email = $this->crypto->decrypt($key);
 			$ref = \substr(hash('sha256', $email), 0, 8);
@@ -109,7 +115,10 @@ public function verifyMail(string $token, string $userId, string $key): Template
 				->getPropertyByValue($email);
 
 			if ($emailProperty === null) {
-				throw new InvalidArgumentException($this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'));
+				throw new HintException(
+					'Email was already removed from account and cannot be confirmed anymore.',
+					$this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'),
+				);
 			}
 			$emailProperty->setLocallyVerified(IAccountManager::VERIFIED);
 			$this->accountManager->updateAccount($userAccount);
@@ -121,8 +130,8 @@ public function verifyMail(string $token, string $userId, string $key): Template
 				$throttle = true;
 				$error = $this->l10n->t('Could not verify mail because the token is invalid.');
 			}
-		} catch (InvalidArgumentException $e) {
-			$error = $e->getMessage();
+		} catch (HintException $e) {
+			$error = $e->getHint();
 		} catch (\Exception $e) {
 			$error = $this->l10n->t('An unexpected error occurred. Please contact your admin.');
 		}