Non-blocking observation from the security review of #2289.
In src/controllers/UsersControllers.ts, the verifyEmail handler used to log the underlying error before forwarding to next(error):
```ts
} catch (error) {
console.error('Email verification failed:', error);
next(error);
}
```
That line was dropped during the rewrite. The current shape silently forwards:
```ts
} catch (error) {
next(error);
}
```
Not a security issue (the prior log was not load-bearing), but reduces diagnosability if verifyMagicToken ever throws (e.g., DB hiccup on the magic_tokens table). Restoring the log keeps the error visible in pm2 + Sentry without changing user-facing behavior.
One-line fix.
Non-blocking observation from the security review of #2289.
In
src/controllers/UsersControllers.ts, theverifyEmailhandler used to log the underlying error before forwarding tonext(error):```ts
} catch (error) {
console.error('Email verification failed:', error);
next(error);
}
```
That line was dropped during the rewrite. The current shape silently forwards:
```ts
} catch (error) {
next(error);
}
```
Not a security issue (the prior log was not load-bearing), but reduces diagnosability if
verifyMagicTokenever throws (e.g., DB hiccup on themagic_tokenstable). Restoring the log keeps the error visible in pm2 + Sentry without changing user-facing behavior.One-line fix.