Merge pull request #8223 from dhensby/pulls/4.0/remove-email-from-pswdrecovery

FIX remove personal information from password reset confirmation screen
2024-10-22 14:05:37 +02:00 · 2018-07-06 11:27:03 +12:00 · 2018-07-06 11:27:03 +12:00 · 2e6f29fea0
commit 2e6f29fea0
parent 0bd613a3b4 560fe9820a
3 changed files with 11 additions and 25 deletions
--- a/lang/en.yml
+++ b/lang/en.yml
@ -325,5 +325,5 @@ en:
    NOTEPAGESECURED: 'That page is secured. Enter your credentials below and we will send you right along.'
    NOTERESETLINKINVALID: '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="{link1}">here</a> or change your password after you <a href="{link2}">logged in</a>.</p>'
    NOTERESETPASSWORD: 'Enter your e-mail address and we will send you a link with which you can reset your password'
-    PASSWORDSENTHEADER: 'Password reset link sent to ''{email}'''
-    PASSWORDSENTTEXT: 'Thank you! A reset link has been sent to ''{email}'', provided an account exists for this email address.'
+    PASSWORDRESETSENTHEADER: 'Password reset link sent'
+    PASSWORDRESETSENTTEXT: 'Thank you. A reset link has been sent, provided an account exists for this email address.'
--- a/src/Security/MemberAuthenticator/LostPasswordHandler.php
+++ b/src/Security/MemberAuthenticator/LostPasswordHandler.php
@ -27,7 +27,7 @@ class LostPasswordHandler extends RequestHandler
     * @var array
     */
    private static $url_handlers = [
-        'passwordsent/$EmailAddress' => 'passwordsent',
+        'passwordsent' => 'passwordsent',
        '' => 'lostpassword',
    ];

@ -101,27 +101,17 @@ class LostPasswordHandler extends RequestHandler
     */
    public function passwordsent()
    {
-        $request = $this->getRequest();
-        $email = Convert::raw2xml(rawurldecode($request->param('EmailAddress')));
-        if ($request->getExtension()) {
-            $email = $email . '.' . Convert::raw2xml($request->getExtension());
-        }
-
        $message = _t(
-            'SilverStripe\\Security\\Security.PASSWORDSENTTEXT',
-            "Thank you! A reset link has been sent to '{email}', provided an account exists for this email"
-            . " address.",
-            ['email' => Convert::raw2xml($email)]
+            'SilverStripe\\Security\\Security.PASSWORDRESETSENTTEXT',
+            "Thank you. A reset link has been sent, provided an account exists for this email address."
        );

        return [
            'Title' => _t(
-                'SilverStripe\\Security\\Security.PASSWORDSENTHEADER',
-                "Password reset link sent to '{email}'",
-                array('email' => $email)
+                'SilverStripe\\Security\\Security.PASSWORDRESETSENTHEADER',
+                "Password reset link sent"
            ),
            'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
-            'Email'   => $email
        ];
    }

@ -263,11 +253,7 @@ class LostPasswordHandler extends RequestHandler
     */
    protected function redirectToSuccess(array $data)
    {
-        $link = Controller::join_links(
-            $this->Link('passwordsent'),
-            rawurlencode($data['Email']),
-            '/'
-        );
+        $link = $this->link('passwordsent');

        return $this->redirect($this->addBackURLParam($link));
    }
--- a/tests/php/Security/MemberTest.php
+++ b/tests/php/Security/MemberTest.php
@ -239,7 +239,7 @@ class MemberTest extends FunctionalTest

        // We should get redirected to Security/passwordsent
        $this->assertContains(
-            'Security/lostpassword/passwordsent/testuser@example.com',
+            'Security/lostpassword/passwordsent',
            urldecode($response->getHeader('Location'))
        );