From 61bcde6284408c1c66552a6f1627bcc8cc7960e4 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Thu, 11 Sep 2014 12:04:44 +1000
Subject: [PATCH] FEATURE: inform users if forgot password works or not FIX:
 flash dialog in forgot password often had wrong color

(this can be disabled by setting forgot_password_verbose to false)
---
 .../controllers/forgot-password.js.es6        | 22 ++++++++++++++-----
 app/controllers/session_controller.rb         |  9 ++++++--
 config/locales/client.en.yml                  |  4 ++++
 config/locales/server.en.yml                  |  1 +
 config/site_settings.yml                      |  1 +
 5 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/app/assets/javascripts/discourse/controllers/forgot-password.js.es6 b/app/assets/javascripts/discourse/controllers/forgot-password.js.es6
index 92af5984d2f..08e40195734 100644
--- a/app/assets/javascripts/discourse/controllers/forgot-password.js.es6
+++ b/app/assets/javascripts/discourse/controllers/forgot-password.js.es6
@@ -17,18 +17,28 @@ export default DiscourseController.extend(ModalFunctionality, {
 
       this.set('disabled', true);
 
-      var success = function() {
+      var success = function(data) {
         // don't tell people what happened, this keeps it more secure (ensure same on server)
         var escaped = Handlebars.Utils.escapeExpression(self.get('accountEmailOrUsername'));
-        if (self.get('accountEmailOrUsername').match(/@/)) {
-          self.flash(I18n.t('forgot_password.complete_email', {email: escaped}));
-        } else {
-          self.flash(I18n.t('forgot_password.complete_username', {username: escaped}));
+        var isEmail = self.get('accountEmailOrUsername').match(/@/);
+
+        var key = 'forgot_password.complete_' + (isEmail ? 'email' : 'username');
+        var extraClass;
+
+        if (data.user_found === true) {
+          key += '_found';
         }
+
+        if (data.user_found === false) {
+          key += '_not_found';
+          extraClass = 'error';
+        }
+
+        self.flash(I18n.t(key, {email: escaped, username: escaped}), extraClass);
       };
 
       var fail = function(e) {
-        self.flash(e.responseJSON.errors[0], 'alert-error');
+        self.flash(e.responseJSON.errors[0], 'error');
       };
 
       Discourse.ajax('/session/forgot_password', {
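Review bot: The comment kept at the top of `success` ("don't tell people what happened, this keeps it more secure (ensure same on server)") now contradicts the code below it, which shows a found or not-found message whenever the server sends `user_found`. I would replace it with something like `// user_found is only present when forgot_password_verbose is enabled; without it, fall back to the neutral message`, so the next reader knows the neutral wording is the non-disclosing path and must stay. The enclosing action starts outside this hunk, so this covers only the callback shown here.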
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index b63d5f8c6f5..2a291716a52 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -108,8 +108,13 @@ class SessionController < ApplicationController
       email_token = user.email_tokens.create(email: user.email)
       Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
     end
-    # always render of so we don't leak information
-    render json: {result: "ok"}
+
+    json = { result: "ok" }
+    if SiteSetting.forgot_password_verbose
+      json[:user_found] = user.present?
+    end
+
+    render json: json
 
   rescue RateLimiter::LimitExceeded
     render_json_error(I18n.t("rate_limiter.slow_down"))
diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml
index 66c46be8e60..d697cfd8d3d 100644
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
@@ -586,7 +586,11 @@ en:
       reset: "Reset Password"
       complete_username: "If an account matches the username <b>%{username}</b>, you should receive an email with instructions on how to reset your password shortly."
       complete_email: "If an account matches <b>%{email}</b>, you should receive an email with instructions on how to reset your password shortly."
+      complete_username_found: "We found an account that matches the username <b>%{username}</b>, you should receive an email with instructions on how to reset your password shortly."
+      complete_email_found: "We found an account that matches <b>%{email}</b>, you should receive an email with instructions on how to reset your password shortly."
 
+      complete_username_not_found: "No account matches the username <b>%{username}</b>"
+      complete_email_not_found: "No account matches <b>%{email}</b>"
     login:
       title: "Log In"
       username: "User"
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 9b71f92c59d..2cfe9ac4e78 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -749,6 +749,7 @@ en:
     allow_index_in_robots_txt: "Specify in robots.txt that this site is allowed to be indexed by web search engines."
     email_domains_blacklist: "A list of email domains that users are not allowed to register accounts with. Example: mailinator.com trashmail.net"
     email_domains_whitelist: "A list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!"
+    forgot_password_verbose: "Inform users of an account's existance when they use the forgot password dialog."
     version_checks: "Ping the Discourse Hub for version updates and show new version messages on the /admin dashboard"
     new_version_emails: "Send an email to the contact_email address when a new version of Discourse is available."
 
diff --git a/config/site_settings.yml b/config/site_settings.yml
index b812cb6e0a9..e12a48081c3 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -239,6 +239,7 @@ login:
   email_domains_whitelist:
     default: ''
     type: list
+  forgot_password_verbose: true
 
 users:
   min_username_length:
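Review bot: `forgot_password_verbose: true` makes the disclosing behaviour the default, so existing sites start revealing account existence on upgrade without an admin opting in. Consider shipping `forgot_password_verbose: false` and letting admins enable it where the usability gain outweighs the privacy cost. The setting description in config/locales/server.en.yml could also say plainly that enabling it lets anyone test whether an email address or username is registered.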