Merge pull request #1079 from CakeDC/feature/37116.cake4
respond with a generic message instead of 'That account does not exist'
steinkel authored Mar 13, 2024
2 parents 3ae0426 + 5da6e89 commit a4b213c
Showing 3 changed files with 13 additions and 13 deletions.
14 changes: 7 additions & 7 deletions src/Controller/Traits/PasswordManagementTrait.php
Expand Up @@ -164,20 +164,20 @@ public function requestResetPassword()
'type' => 'password',
]);
if ($resetUser) {
$msg = __d('cake_d_c/users', 'Please check your email to continue with password reset process');
$msg = __d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.');
$this->Flash->success($msg);
} else {
$msg = __d('cake_d_c/users', 'The password token could not be generated. Please try again');
$msg = __d('cake_d_c/users', 'There was an error please contact Administrator');
$this->Flash->error($msg);
}

return $this->redirect(['action' => 'login']);
} catch (UserNotFoundException $exception) {
$this->Flash->error(__d('cake_d_c/users', 'User {0} was not found', $reference));
} catch (UserNotActiveException $exception) {
$this->Flash->error(__d('cake_d_c/users', 'The user is not active'));
} catch (UserNotFoundException | UserNotActiveException $exception) {
$msg = __d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.');
$this->Flash->success($msg);
} catch (Exception $exception) {
$this->Flash->error(__d('cake_d_c/users', 'Token could not be reset'));
$msg = __d('cake_d_c/users', 'There was an error please contact Administrator');
$this->Flash->error($msg);
$this->log($exception->getMessage());
}
}
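Review bot: The not-found/not-active path still returns a different HTTP response from the success path: the `if ($resetUser)` branch ends in `return $this->redirect(['action' => 'login']);`, while the new `catch (UserNotFoundException | UserNotActiveException $exception)` block only sets the flash and falls through, and the updated integration tests pin that split (`assertRedirect('/login')` for a valid email, `assertResponseOk()` for an invalid one). The flash text is now uniform, but the status code and landing page are not, so account existence remains observable from the response. Ending the catch block with the same `return $this->redirect(['action' => 'login']);` would align the two outcomes, and the invalid-email test would then assert the redirect as well. The `else` branch, reached when the lookup succeeded but no token was produced, also shows a distinct error flash and deserves the same check. requestResetPassword starts above this hunk, so anything before the `try` is not visible here.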
Expand Up @@ -61,7 +61,7 @@ public function testRequestResetPasswordPostValidEmail()
];
$this->post('/users/request-reset-password', $data);
$this->assertRedirect('/login');
$this->assertFlashMessage('Please check your email to continue with password reset process');
$this->assertFlashMessage('If the account is valid, the system will send an instructional email to the address on record.');
$userAfter = $Table->find()->where(['email' => '[email protected]'])->firstOrFail();
$this->assertNotEquals('token-4', $userAfter->token);
$this->assertNotEmpty($userAfter->token);
Expand Down Expand Up @@ -107,6 +107,6 @@ public function testRequestResetPasswordPostInvalidEmail()
];
$this->post('/users/request-reset-password', $data);
$this->assertResponseOk();
$this->assertFlashMessage('User [email protected] was not found');
$this->assertFlashMessage('If the account is valid, the system will send an instructional email to the address on record.');
}
}
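Review bot: Both tests now match on the flash text alone, so in `testRequestResetPasswordPostInvalidEmail` a regression that sent the generic message through `Flash->error()` instead of `Flash->success()` would still pass while rendering visibly differently from the valid-email case. Since the purpose of the change is that the two outcomes look the same to the requester, consider also asserting the rendered element in both tests, for example `$this->assertFlashElement('flash/success');`, assuming the application uses the default flash element names. Both test methods start above their hunks, so the posted data is only partly visible here.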
Expand Up @@ -401,7 +401,7 @@ public function testRequestPasswordEmptyReference()
->will($this->returnValue($reference));
$this->Trait->Flash->expects($this->any())
->method('error')
->with('Token could not be reset');
->with('There was an error please contact Administrator');

$this->Trait->expects($this->never())
->method('redirect');
Expand All @@ -415,7 +415,7 @@ public function testRequestPasswordEmptyReference()
*/
public function testEnsureUserActiveForResetPasswordFeature($ensureActive)
{
$expectError = $this->never();
$expectError = $this->any();

if ($ensureActive) {
Configure::write('Users.Registration.ensureActive', true);
Expand All @@ -431,8 +431,8 @@ public function testEnsureUserActiveForResetPasswordFeature($ensureActive)
->with('reference')
->will($this->returnValue($reference));
$this->Trait->Flash->expects($expectError)
->method('error')
->with('The user is not active');
->method('success')
->with('If the account is valid, the system will send an instructional email to the address on record.');
$this->Trait->requestResetPassword();
$this->assertNotEquals('xxx', $this->table->get('00000000-0000-0000-0000-000000000001')->token);
}
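Review bot: `$expectError` is now initialised with `$this->any()` and attached to `->method('success')`, so the name is misleading and the expectation passes even when no flash is set at all; the `->with(...)` constraint is only checked if a call actually happens. If, as the controller change suggests, both the active and the inactive case end in the same success flash, `$this->once()` under a name such as `$expectFlash` would pin the behaviour this commit introduces. The lines between the two hunks of testEnsureUserActiveForResetPasswordFeature are collapsed, so any reassignment inside `if ($ensureActive)` is not visible here and should be checked before changing the matcher.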
