Merge pull request #8223 from dhensby/pulls/4.0/remove-email-from-pswdrecovery

FIX remove personal information from password reset confirmation screen
This commit is contained in:
Ingo Schommer 2018-07-06 11:27:03 +12:00 committed by GitHub
commit 2e6f29fea0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 25 deletions

View File

@ -325,5 +325,5 @@ en:
NOTEPAGESECURED: 'That page is secured. Enter your credentials below and we will send you right along.'
NOTERESETLINKINVALID: '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="{link1}">here</a> or change your password after you <a href="{link2}">logged in</a>.</p>'
NOTERESETPASSWORD: 'Enter your e-mail address and we will send you a link with which you can reset your password'
PASSWORDSENTHEADER: 'Password reset link sent to ''{email}'''
PASSWORDSENTTEXT: 'Thank you! A reset link has been sent to ''{email}'', provided an account exists for this email address.'
PASSWORDRESETSENTHEADER: 'Password reset link sent'
PASSWORDRESETSENTTEXT: 'Thank you. A reset link has been sent, provided an account exists for this email address.'

View File

@ -27,8 +27,8 @@ class LostPasswordHandler extends RequestHandler
* @var array
*/
private static $url_handlers = [
'passwordsent/$EmailAddress' => 'passwordsent',
'' => 'lostpassword',
'passwordsent' => 'passwordsent',
'' => 'lostpassword',
];
/**
@ -101,27 +101,17 @@ class LostPasswordHandler extends RequestHandler
*/
public function passwordsent()
{
$request = $this->getRequest();
$email = Convert::raw2xml(rawurldecode($request->param('EmailAddress')));
if ($request->getExtension()) {
$email = $email . '.' . Convert::raw2xml($request->getExtension());
}
$message = _t(
'SilverStripe\\Security\\Security.PASSWORDSENTTEXT',
"Thank you! A reset link has been sent to '{email}', provided an account exists for this email"
. " address.",
['email' => Convert::raw2xml($email)]
'SilverStripe\\Security\\Security.PASSWORDRESETSENTTEXT',
"Thank you. A reset link has been sent, provided an account exists for this email address."
);
return [
'Title' => _t(
'SilverStripe\\Security\\Security.PASSWORDSENTHEADER',
"Password reset link sent to '{email}'",
array('email' => $email)
'Title' => _t(
'SilverStripe\\Security\\Security.PASSWORDRESETSENTHEADER',
"Password reset link sent"
),
'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
'Email' => $email
];
}
@ -263,11 +253,7 @@ class LostPasswordHandler extends RequestHandler
*/
protected function redirectToSuccess(array $data)
{
$link = Controller::join_links(
$this->Link('passwordsent'),
rawurlencode($data['Email']),
'/'
);
$link = $this->link('passwordsent');
return $this->redirect($this->addBackURLParam($link));
}

View File

@ -239,7 +239,7 @@ class MemberTest extends FunctionalTest
// We should get redirected to Security/passwordsent
$this->assertContains(
'Security/lostpassword/passwordsent/testuser@example.com',
'Security/lostpassword/passwordsent',
urldecode($response->getHeader('Location'))
);