From a3a8fee8adf847f08479cf6b860417fe1f36d791 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 17 Jan 2015 14:51:29 +0000
Subject: [PATCH] Send password reset email to the email used in lost password form (#4244).
git-svn-id: http://svn.redmine.org/redmine/trunk@13888 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb | 7 +++++--
 app/models/mailer.rb | 5 +++--
 test/functional/account_controller_test.rb | 14 ++++++++++++++
 3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 77058ea5c..2ad7af610 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -82,7 +82,8 @@ class AccountController < ApplicationController
 return
 else
 if request.post?
- user = User.find_by_mail(params[:mail].to_s)
+ email = params[:mail].to_s
+ user = User.find_by_mail(email)
 # user not found
 unless user
 flash.now[:error] = l(:notice_account_unknown_email)
@@ -100,7 +101,9 @@ class AccountController < ApplicationController
 # create a new token for password recovery
 token = Token.new(:user => user, :action => "recovery")
 if token.save
- Mailer.lost_password(token).deliver
+ # Don't use the param to send the email
+ recipent = user.mails.detect {|e| e.downcase == email.downcase} || user.mail
+ Mailer.lost_password(token, recipent).deliver
 flash[:notice] = l(:notice_account_lost_email_sent)
 redirect_to signin_path
 return
diff --git a/app/models/mailer.rb b/app/models/mailer.rb
index a859c039b..f6312e073 100644
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
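Review bot: In the second hunk of app/controllers/account_controller.rb the new local is misspelled `recipent`; it should be `recipient`, matching the parameter name this commit gives `Mailer.lost_password`. The comment `# Don't use the param to send the email` gives the rule without the reason, and the reason is what protects the line from a later simplification: `User.find_by_mail` appears to match more loosely than string equality (the added test finds the account with different letter case), so the submitted string is not guaranteed to be an address the account owns. I would write it as `# Send to the stored address, never the submitted string: the lookup may match loosely, and the token must only reach an address on the account`, and note that `|| user.mail` is the fallback for a lookup match that the `downcase` comparison does not reproduce. The enclosing action starts and ends outside the hunk.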
@@ -289,11 +289,12 @@ class Mailer < ActionMailer::Base
 :subject => l(:mail_subject_register, Setting.app_title)
 end
 
- def lost_password(token)
+ def lost_password(token, recipient=nil)
 set_language_if_valid(token.user.language)
+ recipient ||= token.user.mail
 @token = token
 @url = url_for(:controller => 'account', :action => 'lost_password', :token => token.value)
- mail :to => token.user.mail,
+ mail :to => recipient,
 :subject => l(:mail_subject_lost_password, Setting.app_title)
 end
 
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 8b14a2553..87c53aac3 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -304,6 +304,20 @@ class AccountControllerTest < ActionController::TestCase
 end
 end
 
+ def test_lost_password_using_additional_email_address_should_send_email_to_the_address
+ EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
+ Token.delete_all
+
+ assert_difference 'ActionMailer::Base.deliveries.size' do
+ assert_difference 'Token.count' do
+ post :lost_password, :mail => 'ANOTHERaddress@foo.bar'
+ assert_redirected_to '/login'
+ end
+ end
+ mail = ActionMailer::Base.deliveries.last
+ assert_equal ['anotherAddress@foo.bar'], mail.bcc
+ end
+
 def test_lost_password_for_unknown_user_should_fail
 Token.delete_all
 assert_no_difference 'Token.count' do
--
2.39.5
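Review bot: In app/models/mailer.rb, `lost_password` now accepts any `recipient` and sends a password-recovery token to it, but nothing in the method says the value must be one of the user's own addresses. The only caller visible in this patch selects it from `user.mails`, so this is a documentation gap rather than a bug here; a comment above the method such as `# recipient must be an address stored for token.user (never request input); defaults to token.user.mail` records the contract for future callers. If you prefer to enforce it, `recipient = token.user.mail unless token.user.mails.include?(recipient)` in place of the `||=` line would do it, assuming `mails` returns plain strings as the controller code suggests.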
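Review bot: The new test in test/functional/account_controller_test.rb checks only `mail.bcc`, so it would still pass if the message also went to another address in `to` or `cc`; for a mail carrying a recovery token it is worth asserting that the stored address is the sole recipient. The controller's fallback branch (`|| user.mail`) is not exercised by this test either. A comment naming the fixture user behind `:user_id => 2`, and one saying that the mixed-case `'ANOTHERaddress@foo.bar'` is deliberate, would make the intent readable without opening the fixtures.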