diff options
| -rw-r--r-- | core/Controller/LostController.php | 16 | ||||
| -rw-r--r-- | core/js/lostpassword.js | 2 | ||||
| -rw-r--r-- | tests/Core/Controller/LostControllerTest.php | 32 |
3 files changed, 35 insertions, 15 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php index 8d1481dfc28..ed802aca582 100644 --- a/core/Controller/LostController.php +++ b/core/Controller/LostController.php @@ -39,6 +39,7 @@ use OCP\AppFramework\Utility\ITimeFactory; use OCP\Defaults; use OCP\Encryption\IEncryptionModule; use OCP\Encryption\IManager; +use OCP\ILogger; use \OCP\IURLGenerator; use \OCP\IRequest; use \OCP\IL10N; @@ -80,6 +81,8 @@ class LostController extends Controller { protected $timeFactory; /** @var ICrypto */ protected $crypto; + /** @var ILogger */ + private $logger; /** * @param string $appName @@ -108,7 +111,8 @@ class LostController extends Controller { IManager $encryptionManager, IMailer $mailer, ITimeFactory $timeFactory, - ICrypto $crypto) { + ICrypto $crypto, + ILogger $logger) { parent::__construct($appName, $request); $this->urlGenerator = $urlGenerator; $this->userManager = $userManager; @@ -121,6 +125,7 @@ class LostController extends Controller { $this->mailer = $mailer; $this->timeFactory = $timeFactory; $this->crypto = $crypto; + $this->logger = $logger; } /** @@ -236,10 +241,11 @@ class LostController extends Controller { // FIXME: use HTTP error codes try { $this->sendEmail($user); - } catch (\Exception $e){ - $response = new JSONResponse($this->error($e->getMessage())); - $response->throttle(); - return $response; + } catch (\Exception $e) { + // Ignore the error since we do not want to leak this info + $this->logger->logException($e, [ + 'level' => ILogger::WARN + ]); } $response = new JSONResponse($this->success()); diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js index 084a53f412f..75e91ffac7a 100644 --- a/core/js/lostpassword.js +++ b/core/js/lostpassword.js @@ -2,7 +2,7 @@ OC.Lostpassword = { sendErrorMsg : t('core', 'Couldn\'t send reset email. Please contact your administrator.'), - sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'), + sendSuccessMsg : t('core', 'We have send a password reset e-mail to the e-mail address known to us for this account. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'), encryptedMsg : t('core', "Your files are encrypted. There will be no way to get your data back after your password is reset.<br />If you are not sure what to do, please contact your administrator before you continue. <br />Do you really want to continue?") + ('<br /><input type="checkbox" id="encrypted-continue" class="checkbox checkbox--white" value="Yes" />') diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php index 91b52fc8efa..2aa10cf1165 100644 --- a/tests/Core/Controller/LostControllerTest.php +++ b/tests/Core/Controller/LostControllerTest.php @@ -31,6 +31,7 @@ use OCP\Encryption\IEncryptionModule; use OCP\Encryption\IManager; use OCP\IConfig; use OCP\IL10N; +use OCP\ILogger; use OCP\IRequest; use OCP\IURLGenerator; use OCP\IUser; @@ -74,6 +75,8 @@ class LostControllerTest extends \Test\TestCase { private $request; /** @var ICrypto|\PHPUnit_Framework_MockObject_MockObject */ private $crypto; + /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */ + private $logger; protected function setUp() { parent::setUp(); @@ -124,6 +127,7 @@ class LostControllerTest extends \Test\TestCase { ->method('isEnabled') ->willReturn(true); $this->crypto = $this->createMock(ICrypto::class); + $this->logger = $this->createMock(ILogger::class); $this->lostController = new LostController( 'Core', $this->request, @@ -137,7 +141,8 @@ class LostControllerTest extends \Test\TestCase { $this->encryptionManager, $this->mailer, $this->timeFactory, - $this->crypto + $this->crypto, + $this->logger ); } @@ -265,6 +270,9 @@ class LostControllerTest extends \Test\TestCase { array(false, $nonExistingUser) ))); + $this->logger->expects($this->exactly(2)) + ->method('logException'); + $this->userManager ->method('getByEmail') ->willReturn([]); @@ -272,8 +280,7 @@ class LostControllerTest extends \Test\TestCase { // With a non existing user $response = $this->lostController->email($nonExistingUser); $expectedResponse = new JSONResponse([ - 'status' => 'error', - 'msg' => 'Couldn\'t send reset email. Please make sure your username is correct.' + 'status' => 'success', ]); $expectedResponse->throttle(); $this->assertEquals($expectedResponse, $response); @@ -286,8 +293,7 @@ class LostControllerTest extends \Test\TestCase { ->will($this->returnValue(null)); $response = $this->lostController->email($existingUser); $expectedResponse = new JSONResponse([ - 'status' => 'error', - 'msg' => 'Couldn\'t send reset email. Please make sure your username is correct.' + 'status' => 'success', ]); $expectedResponse->throttle(); $this->assertEquals($expectedResponse, $response); @@ -511,8 +517,11 @@ class LostControllerTest extends \Test\TestCase { $this->equalTo('test@example.comSECRET') )->willReturn('encryptedToken'); + $this->logger->expects($this->exactly(1)) + ->method('logException'); + $response = $this->lostController->email('ExistingUser'); - $expectedResponse = new JSONResponse(['status' => 'error', 'msg' => 'Couldn\'t send reset email. Please contact your administrator.']); + $expectedResponse = new JSONResponse(['status' => 'success']); $expectedResponse->throttle(); $this->assertEquals($expectedResponse, $response); } @@ -708,8 +717,11 @@ class LostControllerTest extends \Test\TestCase { ->with('ExistingUser') ->willReturn($user); + $this->logger->expects($this->exactly(1)) + ->method('logException'); + $response = $this->lostController->email('ExistingUser'); - $expectedResponse = new JSONResponse(['status' => 'error', 'msg' => 'Could not send reset email because there is no email address for this username. Please contact your administrator.']); + $expectedResponse = new JSONResponse(['status' => 'success']); $expectedResponse->throttle(); $this->assertEquals($expectedResponse, $response); } @@ -790,12 +802,14 @@ class LostControllerTest extends \Test\TestCase { ->method('getByEmail') ->willReturn([$user1, $user2]); + $this->logger->expects($this->exactly(1)) + ->method('logException'); + // request password reset for test@example.com $response = $this->lostController->email('test@example.com'); $expectedResponse = new JSONResponse([ - 'status' => 'error', - 'msg' => 'Couldn\'t send reset email. Please make sure your username is correct.' + 'status' => 'success' ]); $expectedResponse->throttle(); |