respond with a generic message instead of 'That account does not exist'

CakeDC · Mar 12, 2024 · d50316a · d50316a
1 parent c1fa7ea
commit d50316a
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/src/Controller/Traits/PasswordManagementTrait.php b/src/Controller/Traits/PasswordManagementTrait.php
@@ -166,20 +166,20 @@ public function requestResetPassword()
                 'type' => 'password',
             ]);
             if ($resetUser) {
-                $msg = __d('cake_d_c/users', 'Please check your email to continue with password reset process');
+                $msg = __d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.');
                 $this->Flash->success($msg);
             } else {
-                $msg = __d('cake_d_c/users', 'The password token could not be generated. Please try again');
+                $msg = __d('cake_d_c/users', 'There was an error please contact Administrator');
                 $this->Flash->error($msg);
             }
 
             return $this->redirect(['action' => 'login']);
-        } catch (UserNotFoundException $exception) {
-            $this->Flash->error(__d('cake_d_c/users', 'User {0} was not found', $reference));
-        } catch (UserNotActiveException $exception) {
-            $this->Flash->error(__d('cake_d_c/users', 'The user is not active'));
+        } catch (UserNotFoundException|UserNotActiveException $exception) {
+            $msg = __d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.');
+            $this->Flash->error($msg);
         } catch (Exception $exception) {
-            $this->Flash->error(__d('cake_d_c/users', 'Token could not be reset'));
+            $msg = __d('cake_d_c/users', 'There was an error please contact Administrator');
+            $this->Flash->error($msg);
             $this->log($exception->getMessage());
         }
     }