FEATURE: inform users if forgot password works or not

FIX: flash dialog in forgot password often had wrong color

(this can be disabled by setting forgot_password_verbose to false)
This commit is contained in:
Sam 2014-09-11 12:04:44 +10:00
parent aa21969d99
commit 61bcde6284
5 changed files with 29 additions and 8 deletions

View File

@ -17,18 +17,28 @@ export default DiscourseController.extend(ModalFunctionality, {
this.set('disabled', true); this.set('disabled', true);
var success = function() { var success = function(data) {
// don't tell people what happened, this keeps it more secure (ensure same on server) // don't tell people what happened, this keeps it more secure (ensure same on server)
var escaped = Handlebars.Utils.escapeExpression(self.get('accountEmailOrUsername')); var escaped = Handlebars.Utils.escapeExpression(self.get('accountEmailOrUsername'));
if (self.get('accountEmailOrUsername').match(/@/)) { var isEmail = self.get('accountEmailOrUsername').match(/@/);
self.flash(I18n.t('forgot_password.complete_email', {email: escaped}));
} else { var key = 'forgot_password.complete_' + (isEmail ? 'email' : 'username');
self.flash(I18n.t('forgot_password.complete_username', {username: escaped})); var extraClass;
if (data.user_found === true) {
key += '_found';
} }
if (data.user_found === false) {
key += '_not_found';
extraClass = 'error';
}
self.flash(I18n.t(key, {email: escaped, username: escaped}), extraClass);
}; };
var fail = function(e) { var fail = function(e) {
self.flash(e.responseJSON.errors[0], 'alert-error'); self.flash(e.responseJSON.errors[0], 'error');
}; };
Discourse.ajax('/session/forgot_password', { Discourse.ajax('/session/forgot_password', {

View File

@ -108,8 +108,13 @@ class SessionController < ApplicationController
email_token = user.email_tokens.create(email: user.email) email_token = user.email_tokens.create(email: user.email)
Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token) Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
end end
# always render of so we don't leak information
render json: {result: "ok"} json = { result: "ok" }
if SiteSetting.forgot_password_verbose
json[:user_found] = user.present?
end
render json: json
rescue RateLimiter::LimitExceeded rescue RateLimiter::LimitExceeded
render_json_error(I18n.t("rate_limiter.slow_down")) render_json_error(I18n.t("rate_limiter.slow_down"))

View File

@ -586,7 +586,11 @@ en:
reset: "Reset Password" reset: "Reset Password"
complete_username: "If an account matches the username <b>%{username}</b>, you should receive an email with instructions on how to reset your password shortly." complete_username: "If an account matches the username <b>%{username}</b>, you should receive an email with instructions on how to reset your password shortly."
complete_email: "If an account matches <b>%{email}</b>, you should receive an email with instructions on how to reset your password shortly." complete_email: "If an account matches <b>%{email}</b>, you should receive an email with instructions on how to reset your password shortly."
complete_username_found: "We found an account that matches the username <b>%{username}</b>, you should receive an email with instructions on how to reset your password shortly."
complete_email_found: "We found an account that matches <b>%{email}</b>, you should receive an email with instructions on how to reset your password shortly."
complete_username_not_found: "No account matches the username <b>%{username}</b>"
complete_email_not_found: "No account matches <b>%{email}</b>"
login: login:
title: "Log In" title: "Log In"
username: "User" username: "User"

View File

@ -749,6 +749,7 @@ en:
allow_index_in_robots_txt: "Specify in robots.txt that this site is allowed to be indexed by web search engines." allow_index_in_robots_txt: "Specify in robots.txt that this site is allowed to be indexed by web search engines."
email_domains_blacklist: "A list of email domains that users are not allowed to register accounts with. Example: mailinator.com trashmail.net" email_domains_blacklist: "A list of email domains that users are not allowed to register accounts with. Example: mailinator.com trashmail.net"
email_domains_whitelist: "A list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!" email_domains_whitelist: "A list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!"
forgot_password_verbose: "Inform users of an account's existance when they use the forgot password dialog."
version_checks: "Ping the Discourse Hub for version updates and show new version messages on the /admin dashboard" version_checks: "Ping the Discourse Hub for version updates and show new version messages on the /admin dashboard"
new_version_emails: "Send an email to the contact_email address when a new version of Discourse is available." new_version_emails: "Send an email to the contact_email address when a new version of Discourse is available."

View File

@ -239,6 +239,7 @@ login:
email_domains_whitelist: email_domains_whitelist:
default: '' default: ''
type: list type: list
forgot_password_verbose: true
users: users:
min_username_length: min_username_length: