Merge pull request #8223 from dhensby/pulls/4.0/remove-email-from-pswdrecovery

FIX remove personal information from password reset confirmation screen

lang/en.yml

@@ -325,5 +325,5 @@ en:
     NOTEPAGESECURED: 'That page is secured. Enter your credentials below and we will send you right along.'
     NOTERESETLINKINVALID: '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="{link1}">here</a> or change your password after you <a href="{link2}">logged in</a>.</p>'
     NOTERESETPASSWORD: 'Enter your e-mail address and we will send you a link with which you can reset your password'
-    PASSWORDSENTHEADER: 'Password reset link sent to ''{email}'''
+    PASSWORDRESETSENTHEADER: 'Password reset link sent'
-    PASSWORDSENTTEXT: 'Thank you! A reset link has been sent to ''{email}'', provided an account exists for this email address.'
+    PASSWORDRESETSENTTEXT: 'Thank you. A reset link has been sent, provided an account exists for this email address.'

src/Security/MemberAuthenticator/LostPasswordHandler.php

@@ -27,7 +27,7 @@ class LostPasswordHandler extends RequestHandler
      * @var array
      */
     private static $url_handlers = [
-        'passwordsent/$EmailAddress' => 'passwordsent',
+        'passwordsent' => 'passwordsent',
         '' => 'lostpassword',
     ];
 
@@ -101,27 +101,17 @@ class LostPasswordHandler extends RequestHandler
      */
     public function passwordsent()
     {
-        $request = $this->getRequest();
-        $email = Convert::raw2xml(rawurldecode($request->param('EmailAddress')));
-        if ($request->getExtension()) {
-            $email = $email . '.' . Convert::raw2xml($request->getExtension());
-        }
-
         $message = _t(
-            'SilverStripe\\Security\\Security.PASSWORDSENTTEXT',
+            'SilverStripe\\Security\\Security.PASSWORDRESETSENTTEXT',
-            "Thank you! A reset link has been sent to '{email}', provided an account exists for this email"
+            "Thank you. A reset link has been sent, provided an account exists for this email address."
-            . " address.",
-            ['email' => Convert::raw2xml($email)]
         );
 
         return [
             'Title' => _t(
-                'SilverStripe\\Security\\Security.PASSWORDSENTHEADER',
+                'SilverStripe\\Security\\Security.PASSWORDRESETSENTHEADER',
-                "Password reset link sent to '{email}'",
+                "Password reset link sent"
-                array('email' => $email)
             ),
             'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
-            'Email'   => $email
         ];
     }
 
@@ -263,11 +253,7 @@ class LostPasswordHandler extends RequestHandler
      */
     protected function redirectToSuccess(array $data)
     {
-        $link = Controller::join_links(
+        $link = $this->link('passwordsent');
-            $this->Link('passwordsent'),
-            rawurlencode($data['Email']),
-            '/'
-        );
 
         return $this->redirect($this->addBackURLParam($link));
     }

tests/php/Security/MemberTest.php

@@ -239,7 +239,7 @@ class MemberTest extends FunctionalTest
 
         // We should get redirected to Security/passwordsent
         $this->assertContains(
-            'Security/lostpassword/passwordsent/testuser@example.com',
+            'Security/lostpassword/passwordsent',
             urldecode($response->getHeader('Location'))
         );