Send password reset email to the email used in lost password form (#4244).
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 17 Jan 2015 14:51:29 +0000 (14:51 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 17 Jan 2015 14:51:29 +0000 (14:51 +0000)
git-svn-id: http://svn.redmine.org/redmine/trunk@13888 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/account_controller.rb
app/models/mailer.rb
test/functional/account_controller_test.rb

index 77058ea5c84826e626a7a23561c0ab82674ed9ad..2ad7af61096fa605e1efcceda806ee6c2ab67d28 100644 (file)
@@ -82,7 +82,8 @@ class AccountController < ApplicationController
       return
     else
       if request.post?
-        user = User.find_by_mail(params[:mail].to_s)
+        email = params[:mail].to_s
+        user = User.find_by_mail(email)
         # user not found
         unless user
           flash.now[:error] = l(:notice_account_unknown_email)
@@ -100,7 +101,9 @@ class AccountController < ApplicationController
         # create a new token for password recovery
         token = Token.new(:user => user, :action => "recovery")
         if token.save
-          Mailer.lost_password(token).deliver
+          # Don't use the param to send the email
+          recipent = user.mails.detect {|e| e.downcase == email.downcase} || user.mail
+          Mailer.lost_password(token, recipent).deliver
           flash[:notice] = l(:notice_account_lost_email_sent)
           redirect_to signin_path
           return
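Review bot: The added local `recipent` is misspelled (the Mailer parameter is `recipient`), and the comment `# Don't use the param to send the email` states the rule without the reason. As far as the hunk shows, the reason is that `User.find_by_mail` may match more loosely than string equality, so the recovery token must only go to an address stored on the account; I would write `# Send only to an address stored on the account; the submitted value just selects which one`. The `|| user.mail` fallback is taken whenever the Ruby `downcase` comparison finds no stored address equal to the input, which is the safe direction and deserves a short comment too. `email.downcase` could be computed once before the `detect`. The enclosing action begins and ends outside the hunk.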
index a859c039b4e58eddfbeb245d752d8feae5279ffa..f6312e0730e4f2e1a05e1788fb60360352c3ab36 100644 (file)
@@ -289,11 +289,12 @@ class Mailer < ActionMailer::Base
       :subject => l(:mail_subject_register, Setting.app_title)
   end
 
-  def lost_password(token)
+  def lost_password(token, recipient=nil)
     set_language_if_valid(token.user.language)
+    recipient ||= token.user.mail
     @token = token
     @url = url_for(:controller => 'account', :action => 'lost_password', :token => token.value)
-    mail :to => token.user.mail,
+    mail :to => recipient,
       :subject => l(:mail_subject_lost_password, Setting.app_title)
   end
 
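Review bot: `lost_password` now mails the recovery token to whatever `recipient` the caller passes, and nothing in the method ties that address to `token.user`; the guarantee lives only in the controller. A comment above the method should state the contract, e.g. `# recipient must be an address belonging to token.user; defaults to the user's primary address`. If other callers exist, a guard such as `raise ArgumentError unless token.user.mails.include?(recipient)` would enforce the invariant at the point where the email is sent. That guard assumes `mails` returns address strings, as the controller hunk uses it.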
index 8b14a255373149cee1f2ee74d9f04e7c27ee0665..87c53aac39793c25d2829d91cf56a923fb51d573 100644 (file)
@@ -304,6 +304,20 @@ class AccountControllerTest < ActionController::TestCase
     end
   end
 
+  def test_lost_password_using_additional_email_address_should_send_email_to_the_address
+    EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
+    Token.delete_all
+
+    assert_difference 'ActionMailer::Base.deliveries.size' do
+      assert_difference 'Token.count' do
+        post :lost_password, :mail => 'ANOTHERaddress@foo.bar'
+        assert_redirected_to '/login'
+      end
+    end
+    mail = ActionMailer::Base.deliveries.last
+    assert_equal ['anotherAddress@foo.bar'], mail.bcc
+  end
+
   def test_lost_password_for_unknown_user_should_fail
     Token.delete_all
     assert_no_difference 'Token.count' do
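Review bot: The new test pins the recipient to the stored-case address but never checks who the token was issued for. Since `Token.delete_all` runs first, adding `assert_equal 2, Token.first.user.id` after the `post` would state both halves of the behaviour in one place. The controller's `|| user.mail` fallback is also not exercised by any test visible in this hunk, so that branch is not covered by any test shown on this page.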