git-svn-id: http://svn.redmine.org/redmine/trunk@13888 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/3.0.0
@@ -82,7 +82,8 @@ class AccountController < ApplicationController | |||
return | |||
else | |||
if request.post? | |||
user = User.find_by_mail(params[:mail].to_s) | |||
email = params[:mail].to_s | |||
user = User.find_by_mail(email) | |||
# user not found | |||
unless user | |||
flash.now[:error] = l(:notice_account_unknown_email) | |||
@@ -100,7 +101,9 @@ class AccountController < ApplicationController | |||
# create a new token for password recovery | |||
token = Token.new(:user => user, :action => "recovery") | |||
if token.save | |||
Mailer.lost_password(token).deliver | |||
# Don't use the param to send the email | |||
recipent = user.mails.detect {|e| e.downcase == email.downcase} || user.mail | |||
Mailer.lost_password(token, recipent).deliver | |||
flash[:notice] = l(:notice_account_lost_email_sent) | |||
redirect_to signin_path | |||
return |
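Review bot: The comment `# Don't use the param to send the email` on the new recipient lookup states the rule but not the reason, and the reason is the security property of this change. `User.find_by_mail` may match more loosely than a byte comparison (case, and possibly database collation, which is not visible here), so the posted string is not guaranteed to equal the stored address and the recovery token should only go to an address read back from `user.mails`. I would spell that out, e.g. `# Send only to an address stored for this user; the posted value merely selects which one`. The local is also misspelled `recipent` while the Mailer signature uses `recipient`, and `email.downcase` could be computed once before the `detect` block. The lost_password action begins and ends outside these hunks.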
@@ -289,11 +289,12 @@ class Mailer < ActionMailer::Base | |||
:subject => l(:mail_subject_register, Setting.app_title) | |||
end | |||
def lost_password(token) | |||
def lost_password(token, recipient=nil) | |||
set_language_if_valid(token.user.language) | |||
recipient ||= token.user.mail | |||
@token = token | |||
@url = url_for(:controller => 'account', :action => 'lost_password', :token => token.value) | |||
mail :to => token.user.mail, | |||
mail :to => recipient, | |||
:subject => l(:mail_subject_lost_password, Setting.app_title) | |||
end | |||
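Review bot: `lost_password(token, recipient=nil)` sends the recovery URL to whatever address a caller passes, with nothing tying `recipient` to `token.user`. The controller in this commit derives it from `user.mails`, but a guard in the mailer would keep a future caller from forwarding request input, e.g. `recipient = token.user.mail unless token.user.mails.include?(recipient)` (assuming `mails` also contains the default address, which is not visible here). At minimum, a comment such as `# recipient must be an address stored for token.user, never raw request input` would document the contract. As a style point, write the default as `recipient = nil`.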
@@ -304,6 +304,20 @@ class AccountControllerTest < ActionController::TestCase | |||
end | |||
end | |||
def test_lost_password_using_additional_email_address_should_send_email_to_the_address | |||
EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar') | |||
Token.delete_all | |||
assert_difference 'ActionMailer::Base.deliveries.size' do | |||
assert_difference 'Token.count' do | |||
post :lost_password, :mail => 'ANOTHERaddress@foo.bar' | |||
assert_redirected_to '/login' | |||
end | |||
end | |||
mail = ActionMailer::Base.deliveries.last | |||
assert_equal ['anotherAddress@foo.bar'], mail.bcc | |||
end | |||
def test_lost_password_for_unknown_user_should_fail | |||
Token.delete_all | |||
assert_no_difference 'Token.count' do |
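Review bot: The new test covers only the case where the posted address matches a stored one up to case; the `|| user.mail` fallback in the controller and the default `recipient` of `Mailer.lost_password` are not exercised. The assertion on the stored spelling `anotherAddress@foo.bar` against the posted `ANOTHERaddress@foo.bar` is the security-relevant check, and a one-line comment would make that intent survive refactoring: `# must be delivered to the stored address, not the spelling posted by the client`. Asserting on `mail.bcc` presumably depends on a BCC setting in the test setup, which is not visible in this hunk. test_lost_password_for_unknown_user_should_fail continues outside the hunk.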