avoid exposing registered email addresses
Athou committed Jul 13, 2022
1 parent d82bb22 commit 9bbfc2d
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/main/app/js/controllers.js
@@ -1683,7 +1683,7 @@ module.controller("LoginCtrl", [
}

var recovery_success = function (data) {
$scope.recovery_message = "Email has ben sent. Check your inbox."
$scope.recovery_message = "An email has been sent if this address was registered. Check your inbox."
}
var recovery_error = function (data) {
$scope.recovery_message = data.data
3 changes: 2 additions & 1 deletion src/main/java/com/commafeed/frontend/resource/UserREST.java
@@ -259,8 +259,9 @@ public Response login(@ApiParam(required = true) LoginRequest req, @ApiParam(hid
public Response sendPasswordReset(@Valid @ApiParam(required = true) PasswordResetRequest req) {
User user = userDAO.findByEmail(req.getEmail());
if (user == null) {
return Response.status(Status.PRECONDITION_FAILED).entity("Email not found.").type(MediaType.TEXT_PLAIN).build();
return Response.ok().build();
}

try {
user.setRecoverPasswordToken(DigestUtils.sha1Hex(UUID.randomUUID().toString()));
user.setRecoverPasswordTokenDate(new Date());
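Review bot: The early `return Response.ok().build();` for an unknown address is still observably different from the registered path, which goes on to set a recovery token and, in the try block that continues outside this hunk, presumably saves the user and sends the mail before responding. Response time, and any error status that try block returns when delivery fails, can therefore still reveal whether an address is registered. Consider handing the token and mail work to a background task so both paths return the same 200 at about the same time, and rate-limiting this endpoint per client. A comment above the null check such as `// same response as the success path so callers cannot probe for registered addresses` would help keep a later change from reintroducing a distinct status.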
