Fake recovery by email address, to hide registrants on the site
This commit is contained in:
parent
731d283159
commit
82f9b6908c
@ -272,10 +272,16 @@ class RecoverpasswordAction extends Action
|
|||||||
try {
|
try {
|
||||||
User::recoverPassword($nore);
|
User::recoverPassword($nore);
|
||||||
$this->mode = 'sent';
|
$this->mode = 'sent';
|
||||||
|
if (common_is_email($nore) && common_config('site', 'fakeaddressrecovery')) {
|
||||||
|
// TRANS: User notification when recovering password by giving email address,
|
||||||
|
// regardless if the mail was sent or not (to hide registered email status).
|
||||||
|
$this->msg = _('If the email address you provided was found in the database, a recovery mail with instructions has been sent there.');
|
||||||
|
} else {
|
||||||
// TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
|
// TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
|
||||||
$this->msg = _('Instructions for recovering your password ' .
|
$this->msg = _('Instructions for recovering your password ' .
|
||||||
'have been sent to the email address registered to your ' .
|
'have been sent to the email address registered to your ' .
|
||||||
'account.');
|
'account.');
|
||||||
|
}
|
||||||
$this->success = true;
|
$this->success = true;
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
$this->success = false;
|
$this->success = false;
|
||||||
|
@ -873,16 +873,20 @@ class User extends Managed_DataObject
|
|||||||
}
|
}
|
||||||
|
|
||||||
// No luck finding anyone by that email address.
|
// No luck finding anyone by that email address.
|
||||||
// TODO: Fake sending email (since we don't want to reveal which addresses exist or not)
|
|
||||||
if (!$user instanceof User) {
|
if (!$user instanceof User) {
|
||||||
// TRANS: Information on password recovery form if no known username or e-mail address was specified.
|
if (common_config('site', 'fakeaddressrecovery')) {
|
||||||
|
// Return without actually doing anything! We fake address recovery
|
||||||
|
// to avoid revealing which email addresses are registered with the site.
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// TRANS: Information on password recovery form if no known e-mail address was specified.
|
||||||
throw new ClientException(_('No user with that email address exists here.'));
|
throw new ClientException(_('No user with that email address exists here.'));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// This might throw a NicknameException on bad nicknames
|
// This might throw a NicknameException on bad nicknames
|
||||||
$user = User::getKV('nickname', common_canonical_nickname($nore));
|
$user = User::getKV('nickname', common_canonical_nickname($nore));
|
||||||
if (!$user instanceof User) {
|
if (!$user instanceof User) {
|
||||||
// TRANS: Information on password recovery form if no known username or e-mail address was specified.
|
// TRANS: Information on password recovery form if no known username was specified.
|
||||||
throw new ClientException(_('No user with that nickname exists here.'));
|
throw new ClientException(_('No user with that nickname exists here.'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -48,6 +48,7 @@ $default =
|
|||||||
'languages' => get_all_languages(),
|
'languages' => get_all_languages(),
|
||||||
'email' =>
|
'email' =>
|
||||||
array_key_exists('SERVER_ADMIN', $_SERVER) ? $_SERVER['SERVER_ADMIN'] : null,
|
array_key_exists('SERVER_ADMIN', $_SERVER) ? $_SERVER['SERVER_ADMIN'] : null,
|
||||||
|
'fakeaddressrecovery' => true,
|
||||||
'broughtby' => null,
|
'broughtby' => null,
|
||||||
'timezone' => 'UTC',
|
'timezone' => 'UTC',
|
||||||
'broughtbyurl' => null,
|
'broughtbyurl' => null,
|
||||||
|
Loading…
Reference in New Issue
Block a user