]> BookStack Code Mirror - bookstack/commit
projects / bookstack / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 053cbbd)
Updated password reset process not to indicate if email exists
authorDan Brown <redacted>
Fri, 10 Apr 2020 12:38:08 +0000 (13:38 +0100)
committerDan Brown <redacted>
Fri, 10 Apr 2020 12:38:08 +0000 (13:38 +0100)
commitba1be9d710fe5d7fc242f2a3a706265b49f83210
treeabb60580d3ac1789c904cad66bf94207d1c2116ftree | snapshot
parent053cbbd5b6cd98788ae4f0c56fc220ae6b020736commit | diff
Updated password reset process not to indicate if email exists

- Intended to prevent enumeration to check if a user exists.
- Updated messages on both the reqest-reset and set-password elements.
- Also updated notification auto-hide to be dynamic based upon the
amount of words within the notification.
- Added tests to cover.

For #2016
app/Http/Controllers/Auth/ForgotPasswordController.php diff | blob | history
app/Http/Controllers/Auth/ResetPasswordController.php diff | blob | history
resources/js/components/notification.js diff | blob | history
resources/lang/en/auth.php diff | blob | history
resources/lang/en/passwords.php diff | blob | history
tests/Auth/AuthTest.php diff | blob | history
The core source code for the BookStack project.