BUG: Bot leaks authentication link in public channel when user's DMs are blockedΒ #108
Description
Is there an existing issue for this?
- I have searched the existing issues
What happened?
π Issue Overview
Currently, the Discord bot attempts to send an authentication link to a user via Direct Message (DM) when a user initiates the authentication process. However, if the user has their DMs blocked, the bot defaults to sending the authentication link in the public channel where the command was invoked. This is a security and privacy concern as it exposes a sensitive, user-specific link to everyone in the channel.
π Steps to Reproduce
- Block Direct Messages from server members in your Discord privacy settings.
- In a public channel on the server, use the command to trigger the authentication process
!verify_github. - The bot will attempt to send you a DM and fail.
- Observe that the bot then posts the authentication link in the public channel.
π― Expected Behavior
The bot should send the authentication link in a private, ephemeral message to the user in the channel, irrespective if the DMs are blocked or not. This message with the auth link should only be visible to the user who triggered the command.
π¨ Actual Behavior
The bot sends the authentication link in the public channel, visible to all members of that channel.
π· Screenshot
This should not happen.
Rather it should look like this example-
π‘ Suggested Improvements
- When the authentication command is triggered, the bot should NOT attempt to send the DM as it does now.
- Instead the bot should send the link to the public channel visible to only that user who triggered it.
Record
- I agree to follow this project's Code of Conduct
- I want to work on this issue