diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb index 1ac1cba1b5f..66a8c99512a 100644 --- a/app/controllers/session_controller.rb +++ b/app/controllers/session_controller.rb @@ -153,14 +153,15 @@ class SessionController < ApplicationController RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed! user = User.find_by_username_or_email(params[:login]) - if user.present? + user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID + if user_presence email_token = user.email_tokens.create(email: user.email) Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token) end json = { result: "ok" } unless SiteSetting.forgot_password_strict - json[:user_found] = user.present? + json[:user_found] = user_presence end render json: json diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb index fac96a16aa3..4bb1a76a829 100644 --- a/spec/controllers/session_controller_spec.rb +++ b/spec/controllers/session_controller_spec.rb @@ -189,7 +189,7 @@ describe SessionController do @sso.name = @reversed_name @suggested_username = UserNameSuggester.suggest(@sso.username || @sso.name || @sso.email) - @suggested_name = User.suggest_name(@sso.name || @sso.username || @sso.email) + @suggested_name = User.suggest_name(@sso.name || @sso.username || @sso.email) @user.create_single_sign_on_record(external_id: '997', last_payload: '') end @@ -486,6 +486,18 @@ describe SessionController do end end + context 'do nothing to system username' do + let(:user) { Discourse.system_user } + + it 'generates no token for system username' do + lambda { xhr :post, :forgot_password, login: user.username}.should_not change(EmailToken, :count) + end + + it 'enqueues no email' do + Jobs.expects(:enqueue).never + xhr :post, :forgot_password, login: user.username + end + end end describe '.current' do