FIX remove personal information from password reset confirmation screen

Daniel Hensby 2018-06-26 13:29:59 +01:00
parent b6db400f56
commit 6e1c7c2781
No known key found for this signature in database
GPG Key ID: D8DEBC4C8E7BC8B9
3 changed files with 11 additions and 25 deletions


@ -325,5 +325,5 @@ en:
NOTEPAGESECURED: 'That page is secured. Enter your credentials below and we will send you right along.' NOTEPAGESECURED: 'That page is secured. Enter your credentials below and we will send you right along.'
NOTERESETLINKINVALID: '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="{link1}">here</a> or change your password after you <a href="{link2}">logged in</a>.</p>' NOTERESETLINKINVALID: '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="{link1}">here</a> or change your password after you <a href="{link2}">logged in</a>.</p>'
NOTERESETPASSWORD: 'Enter your e-mail address and we will send you a link with which you can reset your password' NOTERESETPASSWORD: 'Enter your e-mail address and we will send you a link with which you can reset your password'
PASSWORDSENTHEADER: 'Password reset link sent to ''{email}''' PASSWORDRESETSENTHEADER: 'Password reset link sent'
PASSWORDSENTTEXT: 'Thank you! A reset link has been sent to ''{email}'', provided an account exists for this email address.' PASSWORDRESETSENTTEXT: 'Thank you. A reset link has been sent, provided an account exists for this email address.'


@ -27,8 +27,8 @@ class LostPasswordHandler extends RequestHandler
* @var array * @var array
*/ */
private static $url_handlers = [ private static $url_handlers = [
'passwordsent/$EmailAddress' => 'passwordsent', 'passwordsent' => 'passwordsent',
'' => 'lostpassword', '' => 'lostpassword',
]; ];
/** /**
@ -101,27 +101,17 @@ class LostPasswordHandler extends RequestHandler
*/ */
public function passwordsent() public function passwordsent()
{ {
$request = $this->getRequest();
$email = Convert::raw2xml(rawurldecode($request->param('EmailAddress')));
if ($request->getExtension()) {
$email = $email . '.' . Convert::raw2xml($request->getExtension());
}
$message = _t( $message = _t(
'SilverStripe\\Security\\Security.PASSWORDSENTTEXT', 'SilverStripe\\Security\\Security.PASSWORDRESETSENTTEXT',
"Thank you! A reset link has been sent to '{email}', provided an account exists for this email" "Thank you. A reset link has been sent, provided an account exists for this email address."
. " address.",
['email' => Convert::raw2xml($email)]
); );
return [ return [
'Title' => _t( 'Title' => _t(
'SilverStripe\\Security\\Security.PASSWORDSENTHEADER', 'SilverStripe\\Security\\Security.PASSWORDRESETSENTHEADER',
"Password reset link sent to '{email}'", "Password reset link sent"
array('email' => $email)
), ),
'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"), 'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
'Email' => $email
]; ];
} }
@ -263,11 +253,7 @@ class LostPasswordHandler extends RequestHandler
*/ */
protected function redirectToSuccess(array $data) protected function redirectToSuccess(array $data)
{ {
$link = Controller::join_links( $link = $this->link('passwordsent');
$this->Link('passwordsent'),
rawurlencode($data['Email']),
'/'
);
return $this->redirect($this->addBackURLParam($link)); return $this->redirect($this->addBackURLParam($link));
} }
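Review bot: Nothing visible pins the privacy property this fix is for: `redirectToSuccess()` no longer appends `$data['Email']` to the redirect target, but the updated test assertion only looks for the substring `Security/lostpassword/passwordsent`, which the old URL with the address appended also contained. A negative check beside it, `$this->assertNotContains('testuser@example.com', urldecode($response->getHeader('Location')));`, would fail if the address ever returned to the URL, where it ends up in browser history, access logs and Referer headers. In the same method `$data` is now unused, and the call is written `$this->link('passwordsent')` where the removed code used `$this->Link(...)`; PHP resolves method names case-insensitively, so this is a consistency point only. The docblocks of `passwordsent()` and `redirectToSuccess()` start above the hunks, so whether they still describe the e-mail parameter cannot be checked from here.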


@ -239,7 +239,7 @@ class MemberTest extends FunctionalTest
// We should get redirected to Security/passwordsent // We should get redirected to Security/passwordsent
$this->assertContains( $this->assertContains(
'Security/lostpassword/passwordsent/testuser@example.com', 'Security/lostpassword/passwordsent',
urldecode($response->getHeader('Location')) urldecode($response->getHeader('Location'))
); );