Enhancement: Reduce shown messages after password reset/verify to one single version.

2020-02-13 12:56:31 +01:00 · 2020-02-13 12:56:31 +01:00 · e61fa6795e
commit e61fa6795e
parent bca16dee16
4 changed files with 20 additions and 25 deletions
--- a/app/assets/javascripts/app/controllers/password_reset.coffee
+++ b/app/assets/javascripts/app/controllers/password_reset.coffee
@ -58,22 +58,13 @@ class Index extends App.ControllerContent
    )

  success: (data) =>
-    if data.message is 'ok'

-      # if in developer mode, redirect to set new password
-      if data.token && @Config.get('developer_mode') is true
-        redirect = =>
-          @navigate "#password_reset_verify/#{data.token}"
-        @delay(redirect, 2000)
-      @render(sent: true)
-
-    else
-      @$('[name=username]').val('')
-      @notify(
-        type: 'error'
-        msg:  App.i18n.translateContent('Username or email address invalid, please try again.')
-      )
-      @formEnable( @el.find('.form-password') )
+    # if in developer mode, redirect to set new password
+    if data.token && @Config.get('developer_mode') is true
+      redirect = =>
+        @navigate "#password_reset_verify/#{data.token}"
+      @delay(redirect, 2000)
+    @render(sent: true)

 App.Config.set('password_reset', Index, 'Routes')

--- a/app/assets/javascripts/app/views/password/reset.jst.eco
+++ b/app/assets/javascripts/app/views/password/reset.jst.eco
@ -4,7 +4,10 @@
      <% if @sent: %>
        <h2><%- @T('We\'ve sent password reset instructions to your email address.') %><small></small></h2>
        <p><%- @T('If you don\'t receive instructions within a minute or two, check your email\'s spam and junk filters, or try resending your request.') %></p>
-        <a href="#" class="subtle retry">&raquo; <%- @T('again') %> &laquo;</a>
+        <div class="form-controls">
+          <a class="btn btn--text btn--subtle js-cancel" href="#login"><%- @T( 'Cancel & Go Back' ) %></a>
+          <button class="btn btn--primary retry align-right"><%- @T( 'again' ) %></button>
+        </div>
      <% else: %>
        <h2><%- @T( 'Forgot your password?' ) %><small></small></h2>
        <form class="form-password">
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -534,9 +534,12 @@ curl http://localhost/api/v1/users/email_verify_send -v -u #{login}:#{password}

    raise Exceptions::UnprocessableEntity, 'No email!' if !params[:email]

-    # check is verify is possible to send
    user = User.find_by(email: params[:email].downcase)
-    raise Exceptions::UnprocessableEntity, 'No such user!' if !user
+    if !user
+      # result is always positive to avoid leaking of existing user accounts
+      render json: { message: 'ok' }, status: :ok
+      return
+    end

    #if user.verified == true
    #  render json: { error: 'Already verified!' }, status: :unprocessable_entity
@ -615,14 +618,10 @@ curl http://localhost/api/v1/users/password_reset -v -u #{login}:#{password} -H
        render json: { message: 'ok', token: result[:token].name }, status: :ok
        return
      end
-
-      # token sent to user, send ok to browser
-      render json: { message: 'ok' }, status: :ok
-      return
    end

-    # unable to generate token
-    render json: { message: 'failed' }, status: :ok
+    # result is always positive to avoid leaking of existing user accounts
+    render json: { message: 'ok' }, status: :ok
  end

 =begin
--- a/test/browser/signup_password_change_and_reset_test.rb
+++ b/test/browser/signup_password_change_and_reset_test.rb
@ -208,9 +208,11 @@ class SignupPasswordChangeAndResetTest < TestCase
    click(css: '.content .btn--primary')
    watch_for(
      css:   'body',
-      value: 'address invalid',
+      value: 'sent password reset instructions',
    )

+    click(css: '.content .btn--primary')
+
    set(
      css:   'input[name="username"]',
      value: signup_user_email,