Browse Source
Generic message on password reset
There is no need to inform the user if the account existed or not. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>tags/v16.0.0alpha1
Roeland Jago Douma
5 years ago
2 changed files with 12 additions and 6 deletions
+ 11
- 5
core/Controller/LostController.php
View File
| @@ -39,6 +39,7 @@ use OCP\AppFramework\Utility\ITimeFactory; | |||
| use OCP\Defaults; | |||
| use OCP\Encryption\IEncryptionModule; | |||
| use OCP\Encryption\IManager; | |||
| use OCP\ILogger; | |||
| use \OCP\IURLGenerator; | |||
| use \OCP\IRequest; | |||
| use \OCP\IL10N; | |||
| @@ -80,6 +81,8 @@ class LostController extends Controller { | |||
| protected $timeFactory; | |||
| /** @var ICrypto */ | |||
| protected $crypto; | |||
| /** @var ILogger */ | |||
| private $logger; | |||
| /** | |||
| * @param string $appName | |||
| @@ -108,7 +111,8 @@ class LostController extends Controller { | |||
| IManager $encryptionManager, | |||
| IMailer $mailer, | |||
| ITimeFactory $timeFactory, | |||
| ICrypto $crypto) { | |||
| ICrypto $crypto, | |||
| ILogger $logger) { | |||
| parent::__construct($appName, $request); | |||
| $this->urlGenerator = $urlGenerator; | |||
| $this->userManager = $userManager; | |||
| @@ -121,6 +125,7 @@ class LostController extends Controller { | |||
| $this->mailer = $mailer; | |||
| $this->timeFactory = $timeFactory; | |||
| $this->crypto = $crypto; | |||
| $this->logger = $logger; | |||
| } | |||
| /** | |||
| @@ -236,10 +241,11 @@ class LostController extends Controller { | |||
| // FIXME: use HTTP error codes | |||
| try { | |||
| $this->sendEmail($user); | |||
| } catch (\Exception $e){ | |||
| $response = new JSONResponse($this->error($e->getMessage())); | |||
| $response->throttle(); | |||
| return $response; | |||
| } catch (\Exception $e) { | |||
| // Ignore the error since we do not want to leak this info | |||
| $this->logger->logException($e, [ | |||
| 'level' => ILogger::WARN | |||
| ]); | |||
| } | |||
| $response = new JSONResponse($this->success()); | |||
+ 1
- 1
core/js/lostpassword.js
View File
| @@ -2,7 +2,7 @@ | |||
| OC.Lostpassword = { | |||
| sendErrorMsg : t('core', 'Couldn\'t send reset email. Please contact your administrator.'), | |||
| sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'), | |||
| sendSuccessMsg : t('core', 'We have send a password reset e-mail to the e-mail address known to us for this account. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'), | |||
| encryptedMsg : t('core', "Your files are encrypted. There will be no way to get your data back after your password is reset.<br />If you are not sure what to do, please contact your administrator before you continue. <br />Do you really want to continue?") | |||
| + ('<br /><input type="checkbox" id="encrypted-continue" class="checkbox checkbox--white" value="Yes" />') | |||
Loading…