From 61bcde6284408c1c66552a6f1627bcc8cc7960e4 Mon Sep 17 00:00:00 2001 From: Sam <sam.saffron@gmail.com> Date: Thu, 11 Sep 2014 12:04:44 +1000 Subject: [PATCH] FEATURE: inform users if forgot password works or not FIX: flash dialog in forgot password often had wrong color (this can be disabled by setting forgot_password_verbose to false) --- .../controllers/forgot-password.js.es6 | 22 ++++++++++++++----- app/controllers/session_controller.rb | 9 ++++++-- config/locales/client.en.yml | 4 ++++ config/locales/server.en.yml | 1 + config/site_settings.yml | 1 + 5 files changed, 29 insertions(+), 8 deletions(-) diff --git a/app/assets/javascripts/discourse/controllers/forgot-password.js.es6 b/app/assets/javascripts/discourse/controllers/forgot-password.js.es6 index 92af5984d2f..08e40195734 100644 --- a/app/assets/javascripts/discourse/controllers/forgot-password.js.es6 +++ b/app/assets/javascripts/discourse/controllers/forgot-password.js.es6 @@ -17,18 +17,28 @@ export default DiscourseController.extend(ModalFunctionality, { this.set('disabled', true); - var success = function() { + var success = function(data) { // don't tell people what happened, this keeps it more secure (ensure same on server) var escaped = Handlebars.Utils.escapeExpression(self.get('accountEmailOrUsername')); - if (self.get('accountEmailOrUsername').match(/@/)) { - self.flash(I18n.t('forgot_password.complete_email', {email: escaped})); - } else { - self.flash(I18n.t('forgot_password.complete_username', {username: escaped})); + var isEmail = self.get('accountEmailOrUsername').match(/@/); + + var key = 'forgot_password.complete_' + (isEmail ? 'email' : 'username'); + var extraClass; + + if (data.user_found === true) { + key += '_found'; } + + if (data.user_found === false) { + key += '_not_found'; + extraClass = 'error'; + } + + self.flash(I18n.t(key, {email: escaped, username: escaped}), extraClass); }; var fail = function(e) { - self.flash(e.responseJSON.errors[0], 'alert-error'); + self.flash(e.responseJSON.errors[0], 'error'); }; Discourse.ajax('/session/forgot_password', { diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb index b63d5f8c6f5..2a291716a52 100644 --- a/app/controllers/session_controller.rb +++ b/app/controllers/session_controller.rb @@ -108,8 +108,13 @@ class SessionController < ApplicationController email_token = user.email_tokens.create(email: user.email) Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token) end - # always render of so we don't leak information - render json: {result: "ok"} + + json = { result: "ok" } + if SiteSetting.forgot_password_verbose + json[:user_found] = user.present? + end + + render json: json rescue RateLimiter::LimitExceeded render_json_error(I18n.t("rate_limiter.slow_down")) diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml index 66c46be8e60..d697cfd8d3d 100644 --- a/config/locales/client.en.yml +++ b/config/locales/client.en.yml @@ -586,7 +586,11 @@ en: reset: "Reset Password" complete_username: "If an account matches the username <b>%{username}</b>, you should receive an email with instructions on how to reset your password shortly." complete_email: "If an account matches <b>%{email}</b>, you should receive an email with instructions on how to reset your password shortly." + complete_username_found: "We found an account that matches the username <b>%{username}</b>, you should receive an email with instructions on how to reset your password shortly." + complete_email_found: "We found an account that matches <b>%{email}</b>, you should receive an email with instructions on how to reset your password shortly." + complete_username_not_found: "No account matches the username <b>%{username}</b>" + complete_email_not_found: "No account matches <b>%{email}</b>" login: title: "Log In" username: "User" diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml index 9b71f92c59d..2cfe9ac4e78 100644 --- a/config/locales/server.en.yml +++ b/config/locales/server.en.yml @@ -749,6 +749,7 @@ en: allow_index_in_robots_txt: "Specify in robots.txt that this site is allowed to be indexed by web search engines." email_domains_blacklist: "A list of email domains that users are not allowed to register accounts with. Example: mailinator.com trashmail.net" email_domains_whitelist: "A list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!" + forgot_password_verbose: "Inform users of an account's existance when they use the forgot password dialog." version_checks: "Ping the Discourse Hub for version updates and show new version messages on the /admin dashboard" new_version_emails: "Send an email to the contact_email address when a new version of Discourse is available." diff --git a/config/site_settings.yml b/config/site_settings.yml index b812cb6e0a9..e12a48081c3 100644 --- a/config/site_settings.yml +++ b/config/site_settings.yml @@ -239,6 +239,7 @@ login: email_domains_whitelist: default: '' type: list + forgot_password_verbose: true users: min_username_length: