authorRoeland Jago Douma <roeland@famdouma.nl>2019-01-14 21:05:52 +0100
committerRoeland Jago Douma <roeland@famdouma.nl>2019-01-15 15:53:43 +0100
commitd0397f9b5354b5b277c0b0e72983ba7cd9b4822e (patch)
treefcf462aa3c5833e62738542fcef3bc212dba52a2 /core
parent53c077afc9077dcadcaf4b8ad62590fb549947b0 (diff)
Generic message on password reset
There is no need to inform the user whether the account existed or not.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core')
-rw-r--r--core/Controller/LostController.php16
-rw-r--r--core/js/lostpassword.js2
2 files changed, 12 insertions, 6 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 8d1481dfc28..ed802aca582 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -39,6 +39,7 @@ use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Defaults;
use OCP\Encryption\IEncryptionModule;
use OCP\Encryption\IManager;
+use OCP\ILogger;
use \OCP\IURLGenerator;
use \OCP\IRequest;
use \OCP\IL10N;
@@ -80,6 +81,8 @@ class LostController extends Controller {
protected $timeFactory;
/** @var ICrypto */
protected $crypto;
+ /** @var ILogger */
+ private $logger;
/**
* @param string $appName
@@ -108,7 +111,8 @@ class LostController extends Controller {
IManager $encryptionManager,
IMailer $mailer,
ITimeFactory $timeFactory,
- ICrypto $crypto) {
+ ICrypto $crypto,
+ ILogger $logger) {
parent::__construct($appName, $request);
$this->urlGenerator = $urlGenerator;
$this->userManager = $userManager;
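Review bot: The constructor docblock does not appear to be updated for the new `ILogger $logger` argument. The docblock sits between this hunk and the previous one, and no hunk adds a line to it, although it does list the other parameters (`@param string $appName` is visible). Add `@param ILogger $logger` after the `$crypto` entry so the documented signature matches the code. The constructor body continues past the end of this hunk.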
@@ -121,6 +125,7 @@ class LostController extends Controller {
$this->mailer = $mailer;
$this->timeFactory = $timeFactory;
$this->crypto = $crypto;
+ $this->logger = $logger;
}
/**
@@ -236,10 +241,11 @@ class LostController extends Controller {
// FIXME: use HTTP error codes
try {
$this->sendEmail($user);
- } catch (\Exception $e){
- $response = new JSONResponse($this->error($e->getMessage()));
- $response->throttle();
- return $response;
+ } catch (\Exception $e) {
+ // Ignore the error since we do not want to leak this info
+ $this->logger->logException($e, [
+ 'level' => ILogger::WARN
+ ]);
}
$response = new JSONResponse($this->success());
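Review bot: The `catch (\Exception $e)` block now swallows every failure from `sendEmail($user)` and logs them all at `ILogger::WARN`, so an unknown account and a broken mail transport look the same in the log while the user is told a mail was sent in both cases. Consider handling the expected "cannot send to this user" case separately and logging anything else with `'level' => ILogger::ERROR`, so operators notice real delivery outages. The removed branch also called `$response->throttle()`. The method continues past the end of the hunk, so confirm that the generic success response is still throttled, otherwise failed lookups are no longer rate limited. Response time may still differ between the two paths if `sendEmail()` returns early for unknown users, which the generic message alone does not hide.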
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 084a53f412f..75e91ffac7a 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -2,7 +2,7 @@
OC.Lostpassword = {
sendErrorMsg : t('core', 'Couldn\'t send reset email. Please contact your administrator.'),
- sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'),
+ sendSuccessMsg : t('core', 'We have send a password reset e-mail to the e-mail address known to us for this account. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'),
encryptedMsg : t('core', "Your files are encrypted. There will be no way to get your data back after your password is reset.<br />If you are not sure what to do, please contact your administrator before you continue. <br />Do you really want to continue?")
+ ('<br /><input type="checkbox" id="encrypted-continue" class="checkbox checkbox--white" value="Yes" />')
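Review bot: The new `sendSuccessMsg` source string contains a grammar error that will carry over into every translation: `We have send a password reset e-mail` should read `We have sent a password reset e-mail`. The text also states that a mail was sent, yet the controller now returns success when sending failed. A conditional wording such as `If this account exists, a password reset e-mail has been sent to its e-mail address.` would keep the message generic without claiming a delivery that may not have happened. The `OC.Lostpassword` object literal continues past the end of this hunk.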