Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Rate limited errors on forgot password were not displayed

This commit is contained in:
Robin Ward 2016-11-16 11:20:55 -05:00
parent 26f9a7ac50
commit 036954d5b4
1 changed files with 23 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
app/assets/javascripts/discourse/controllers/forgot-password.js.es6
View File

@ -1,62 +1,54 @@
import { ajax } from 'discourse/lib/ajax'; import { ajax } from 'discourse/lib/ajax';
import ModalFunctionality from 'discourse/mixins/modal-functionality'; import ModalFunctionality from 'discourse/mixins/modal-functionality';
import { escapeExpression } from 'discourse/lib/utilities'; import { escapeExpression } from 'discourse/lib/utilities';
import { extractError } from 'discourse/lib/ajax-error';
import computed from 'ember-addons/ember-computed-decorators';
export default Ember.Controller.extend(ModalFunctionality, { export default Ember.Controller.extend(ModalFunctionality, {
// You need a value in the field to submit it. @computed('accountEmailOrUsername', 'disabled')
submitDisabled: function() { submitDisabled(accountEmailOrUsername, disabled) {
return Ember.isEmpty((this.get('accountEmailOrUsername') || '').trim()) || this.get('disabled'); return Ember.isEmpty((accountEmailOrUsername || '').trim()) || disabled;
}.property('accountEmailOrUsername', 'disabled'), },
onShow: function() { onShow() {
if ($.cookie('email')) { if ($.cookie('email')) {
this.set('accountEmailOrUsername', $.cookie('email')); this.set('accountEmailOrUsername', $.cookie('email'));
} }
}, },
actions: { actions: {
submit: function() { submit() {
var self = this;
if (this.get('submitDisabled')) return false; if (this.get('submitDisabled')) return false;
this.set('disabled', true); this.set('disabled', true);
var success = function(data) { ajax('/session/forgot_password', {
// don't tell people what happened, this keeps it more secure (ensure same on server) data: { login: this.get('accountEmailOrUsername').trim() },
var escaped = escapeExpression(self.get('accountEmailOrUsername')); type: 'POST'
var isEmail = self.get('accountEmailOrUsername').match(/@/); }).then(data => {
const escaped = escapeExpression(this.get('accountEmailOrUsername'));
var key = 'forgot_password.complete_' + (isEmail ? 'email' : 'username'); const isEmail = this.get('accountEmailOrUsername').match(/@/);
var extraClass; let key = 'forgot_password.complete_' + (isEmail ? 'email' : 'username');
let extraClass;
if (data.user_found === true) { if (data.user_found === true) {
key += '_found'; key += '_found';
self.set('accountEmailOrUsername', ''); this.set('accountEmailOrUsername', '');
bootbox.alert(I18n.t(key, {email: escaped, username: escaped})); bootbox.alert(I18n.t(key, {email: escaped, username: escaped}));
self.send("closeModal"); this.send("closeModal");
} else { } else {
if (data.user_found === false) { if (data.user_found === false) {
key += '_not_found'; key += '_not_found';
extraClass = 'error'; extraClass = 'error';
} }
self.flash(I18n.t(key, {email: escaped, username: escaped}), extraClass); this.flash(I18n.t(key, {email: escaped, username: escaped}), extraClass);
} }
}; }).catch(e => {
this.flash(extractError(e), 'error');
var fail = function(e) { }).finally(() => {
self.flash(e.responseJSON.errors[0], 'error'); setTimeout(() => this.set('disabled', false), 1000);
};
ajax('/session/forgot_password', {
data: { login: this.get('accountEmailOrUsername').trim() },
type: 'POST'
}).then(success, fail).finally(function(){
setTimeout(function(){
self.set('disabled',false);
}, 1000);
}); });
return false; return false;