Commit

Prevent account detection
core23 committed Sep 9, 2023
1 parent 86d085f commit de9bb0d
Showing 3 changed files with 9 additions and 7 deletions.
12 changes: 7 additions & 5 deletions src/Action/RequestResetAction.php
Expand Up @@ -104,6 +104,10 @@ private function process(Request $request): ?Response
{
$username = (string) $request->request->get('username', '');

Check warning on line 105 in src/Action/RequestResetAction.php

GitHub Actions / run / Mutation Tests (8.2)

Escaped Mutant for Mutator "CastString": --- Original +++ New @@ @@ */ private function process(Request $request) : ?Response { - $username = (string) $request->request->get('username', ''); + $username = $request->request->get('username', ''); if ('' === trim($username)) { return null; }

if ('' === trim($username)) {

Check warning on line 107 in src/Action/RequestResetAction.php

GitHub Actions / run / Mutation Tests (8.2)

Escaped Mutant for Mutator "UnwrapTrim": --- Original +++ New @@ @@ private function process(Request $request) : ?Response { $username = (string) $request->request->get('username', ''); - if ('' === trim($username)) { + if ('' === $username) { return null; } $user = null;
return null;
}

$user = null;

try {
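Review bot: the new guard at lines 105-107 is not pinned by any test, since the Mutation Tests job reports escaped mutants for both the `(string)` cast and the `trim()` call. Add cases that cover a whitespace-only `username` and a non-string value so the guard cannot be weakened silently. The empty-input path returns null while every other path now redirects; that does not depend on whether an account exists, so it is not an enumeration signal, but a short comment saying so would help the next reader.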
Expand All @@ -112,7 +116,7 @@ private function process(Request $request): ?Response
}

if (!$user instanceof UserInterface) {
return null;
return new RedirectResponse($this->router->generate('nucleos_user_resetting_check_email'));

Check warning on line 119 in src/Action/RequestResetAction.php

Codecov / codecov/patch

src/Action/RequestResetAction.php#L119

Added line #L119 was not covered by tests
}

$event = new GetResponseNullableUserEvent($user, $request);
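Review bot: the unknown-user branch at line 119 is the one that closes the enumeration oracle, and Codecov reports it as not covered by tests. Add a test that submits a username with no matching account and asserts the response is the same RedirectResponse (status and Location) as for an existing account. This branch still returns before the event dispatches that follow it, so the two cases may remain distinguishable by response time or side effects; consider whether that matters for this endpoint.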
Expand All @@ -123,7 +127,7 @@ private function process(Request $request): ?Response
}

if ($user->isPasswordRequestNonExpired($this->retryTtl)) {
return null;
return new RedirectResponse($this->router->generate('nucleos_user_resetting_check_email'));

Check warning on line 130 in src/Action/RequestResetAction.php

Codecov / codecov/patch

src/Action/RequestResetAction.php#L130

Added line #L130 was not covered by tests
}

$event = new GetResponseUserEvent($user, $request);
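Review bot: line 130 repeats the same `new RedirectResponse($this->router->generate('nucleos_user_resetting_check_email'))` expression that is used at lines 119 and 162, and the change only works while all three stay identical. Extract it into one private method so a later edit to one branch cannot reintroduce a difference. Codecov also flags this line as uncovered; a test with a user whose request is still within `retryTtl` should assert the same redirect.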
Expand Down Expand Up @@ -155,8 +159,6 @@ private function process(Request $request): ?Response
return $event->getResponse();
}

return new RedirectResponse($this->router->generate('nucleos_user_resetting_check_email', [
'username' => $username,
]));
return new RedirectResponse($this->router->generate('nucleos_user_resetting_check_email'));

Check warning on line 162 in src/Action/RequestResetAction.php

View check run for this annotation

Codecov / codecov/patch

src/Action/RequestResetAction.php#L162

Added line #L162 was not covered by tests
}
}
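Review bot: dropping the `username` route parameter at line 162 changes what the `nucleos_user_resetting_check_email` target receives, but the commit touches only this action and two translation files. Check that the check-email action and its template no longer read `username` from the query string, and remove that handling if they do. Line 162 is reported as uncovered as well, so the success path has no assertion on the redirect URL.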
2 changes: 1 addition & 1 deletion src/Resources/translations/NucleosUserBundle.de.xlf
Expand Up @@ -35,7 +35,7 @@
</trans-unit>
<trans-unit id="resetting.check_email">
<source>resetting.check_email</source>
<target><![CDATA[Eine E-Mail wurde verschickt. Sie beinhaltet einen Link zum Zurücksetzen des Passwortes.
<target><![CDATA[Eine E-Mail wurde verschickt, falls wir ein Konto finden konnten. Sie beinhaltet einen Link zum Zurücksetzen des Passwortes.
Hinweis: Ein neues Passwort kann nur alle %tokenLifetime% Stunden beantragt werden.
Eventuell wurde diese E-Mail als Spam markiert, wenn sie nicht angekommen ist.]]></target>
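Review bot: only the `de` and `en` targets of `resetting.check_email` are changed in this commit. If the bundle ships other locales, their text still states unconditionally that an email was sent, which no longer matches what the action does; update them in the same change or open a follow-up.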
2 changes: 1 addition & 1 deletion src/Resources/translations/NucleosUserBundle.en.xlf
Expand Up @@ -35,7 +35,7 @@
</trans-unit>
<trans-unit id="resetting.check_email">
<source>resetting.check_email</source>
<target><![CDATA[An email has been sent. It contains a link you must click to reset your password.
<target><![CDATA[An email has been sent if we could find you. It contains a link you must click to reset your password.
Note: You can only request a new password once within %tokenLifetime% hours.
If you don't get an email check your spam folder or try again.]]></target>
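Review bot: "An email has been sent if we could find you" does not cover the retry branch, which returns early in `process()` and now lands on this same page when an account exists but an earlier request has not expired. Wording along the lines of "If an account matches and no reset was requested recently, an email has been sent" would be accurate for all three branches. The pronoun in "It contains a link" also reads oddly after the conditional clause.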