diff --git a/app/assets/javascripts/app/controllers/password_reset.coffee b/app/assets/javascripts/app/controllers/password_reset.coffee
index ea392d9aa..ea1060dea 100644
--- a/app/assets/javascripts/app/controllers/password_reset.coffee
+++ b/app/assets/javascripts/app/controllers/password_reset.coffee
@@ -58,22 +58,13 @@ class Index extends App.ControllerContent
 )
 success: (data) =>
- if data.message is 'ok'
- # if in developer mode, redirect to set new password
- if data.token && @Config.get('developer_mode') is true
- redirect = =>
- @navigate "#password_reset_verify/#{data.token}"
- @delay(redirect, 2000)
- @render(sent: true)
-
- else
- @$('[name=username]').val('')
- @notify(
- type: 'error'
- msg: App.i18n.translateContent('Username or email address invalid, please try again.')
- )
- @formEnable( @el.find('.form-password') )
+ # if in developer mode, redirect to set new password
+ if data.token && @Config.get('developer_mode') is true
+ redirect = =>
+ @navigate "#password_reset_verify/#{data.token}"
+ @delay(redirect, 2000)
+ @render(sent: true)
 App.Config.set('password_reset', Index, 'Routes')
diff --git a/app/assets/javascripts/app/views/password/reset.jst.eco b/app/assets/javascripts/app/views/password/reset.jst.eco
index 1fd5fc24a..2892223a3 100644
--- a/app/assets/javascripts/app/views/password/reset.jst.eco
+++ b/app/assets/javascripts/app/views/password/reset.jst.eco
@@ -4,7 +4,10 @@
 <% if @sent: %>

<%- @T('We\'ve sent password reset instructions to your email address.') %>

<%- @T('If you don\'t receive instructions within a minute or two, check your email\'s spam and junk filters, or try resending your request.') %>

- » <%- @T('again') %> « +
+ <%- @T( 'Cancel & Go Back' ) %> + +
<% else: %>

<%- @T( 'Forgot your password?' ) %>

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9c77fbc1f..257df6ab9 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -534,9 +534,12 @@ curl http://localhost/api/v1/users/email_verify_send -v -u #{login}:#{password}
 raise Exceptions::UnprocessableEntity, 'No email!' if !params[:email]
- # check is verify is possible to send
 user = User.find_by(email: params[:email].downcase)
- raise Exceptions::UnprocessableEntity, 'No such user!' if !user
+ if !user
+ # result is always positive to avoid leaking of existing user accounts
+ render json: { message: 'ok' }, status: :ok
+ return
+ end
 #if user.verified == true
 # render json: { error: 'Already verified!' }, status: :unprocessable_entity
@@ -615,14 +618,10 @@ curl http://localhost/api/v1/users/password_reset -v -u #{login}:#{password} -H
 render json: { message: 'ok', token: result[:token].name }, status: :ok
 return
 end
-
- # token sent to user, send ok to browser
- render json: { message: 'ok' }, status: :ok
- return
 end
- # unable to generate token
- render json: { message: 'failed' }, status: :ok
+ # result is always positive to avoid leaking of existing user accounts
+ render json: { message: 'ok' }, status: :ok
 end
=begin
diff --git a/test/browser/signup_password_change_and_reset_test.rb b/test/browser/signup_password_change_and_reset_test.rb
index dd2d316e7..333329384 100644
--- a/test/browser/signup_password_change_and_reset_test.rb
+++ b/test/browser/signup_password_change_and_reset_test.rb
@@ -208,9 +208,11 @@ class SignupPasswordChangeAndResetTest < TestCase
 click(css: '.content .btn--primary')
 watch_for(
 css: 'body',
- value: 'address invalid',
+ value: 'sent password reset instructions',
 )
+ click(css: '.content .btn--primary')
+
 set(
 css: 'input[name="username"]',
 value: signup_user_email,
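Review bot: Answering `{ message: 'ok' }` for an unknown address in the new `if !user` branch removes the explicit error, but the two paths remain distinguishable by response time: the not-found branch returns right after `User.find_by`, while the found branch goes on to generate a token and send mail before responding, so an observer can still infer whether the address exists. The second hunk of this file (the password_reset endpoint) has the same shape, and there the developer-mode `token:` field additionally marks the existing-user path, which is presumably acceptable only because that mode is never enabled in production. Consider moving token generation and mail delivery into a background job in both handlers so the response is produced at roughly the same point regardless of the lookup result, and pair the now-uniform 'ok' with per-IP and per-address rate limiting, since the endpoint no longer reports anything a client could use to stop retrying. Separately, `params[:email].downcase` on the line above the new branch still assumes a String; a non-string parameter (an array or hash from a JSON body) would raise NoMethodError, and that 500 is itself a distinguishable response — `params[:email].to_s.downcase`, or rejecting non-string input before the lookup, keeps that path uniform as well. The enclosing email_verify_send method starts and ends outside this hunk.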
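Review bot: The final `render json: { message: 'ok' }, status: :ok` now also covers the case that previously answered `'failed'` — a user was found but no token was produced — so that condition becomes invisible to the caller and, as written, to the operator as well. Keep the uniform client response, but record the condition server-side right before the render, e.g. `Rails.logger.warn('password_reset: token could not be generated for an existing user')` (include the looked-up user's id if that variable is in scope), so delivery problems still surface in the logs; this is hedged because `result` and the user lookup are defined above the hunk. The comment `# result is always positive to avoid leaking of existing user accounts` would also read more precisely as `# always answer 'ok' so the response does not reveal whether the account exists or whether token generation succeeded`. The enclosing method starts outside this hunk.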