From fae15ad66ba9a4b39f5fb8a2a905b05d226e8f87 Mon Sep 17 00:00:00 2001 From: Catherine Renelle <32781029+catrenelle@users.noreply.github.com> Date: Sun, 8 Feb 2026 21:10:07 -0500 Subject: [PATCH] Return clear error when SimpleFIN setup token is already claimed A 403 from the claim URL means the token was already used or is invalid. Throw InvalidOperationException so the middleware returns a 400 with a helpful message instead of a generic 500. Co-Authored-By: Claude Opus 4.6 --- src/Purrse.Plugins.BankSync/SimpleFinSyncProvider.cs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Purrse.Plugins.BankSync/SimpleFinSyncProvider.cs b/src/Purrse.Plugins.BankSync/SimpleFinSyncProvider.cs index e25d1b5..8d4686f 100644 --- a/src/Purrse.Plugins.BankSync/SimpleFinSyncProvider.cs +++ b/src/Purrse.Plugins.BankSync/SimpleFinSyncProvider.cs @@ -30,6 +30,8 @@ public class SimpleFinSyncProvider : IAccountSyncProvider var claimUrl = Encoding.UTF8.GetString(Convert.FromBase64String(setupToken)); var response = await _httpClient.PostAsync(claimUrl, new StringContent(string.Empty)); + if (response.StatusCode == System.Net.HttpStatusCode.Forbidden) + throw new InvalidOperationException("Setup token has already been claimed or is invalid. Please generate a new token from SimpleFIN Bridge."); response.EnsureSuccessStatusCode(); var accessUrl = await response.Content.ReadAsStringAsync();