[openstreetmap/openstreetmap-website] Be paranoid when sending password reset emails (PR #4555)
Andy Allan
notifications at github.com
Sat Mar 2 15:57:16 UTC 2024
This implements what is known as "paranoid" password reset flash messages ([using the terminology from Devise](https://github.com/heartcombo/devise/blob/bb18f4d3805be0bf5f45e21be39625c7cfd9c1d6/config/locales/en.yml#L36)). It avoids revealing whether the supplied email address is already registered.
Added an explicit test for this situation, so that the test for email non-existence is separate from the duplicate-case tests.
(I originally planned to move the entire passwords_controller to use `Devise::Recoverable`, but that was more challenging than I first thought.)
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/4555
-- Commit Summary --
* Be paranoid when sending password reset emails
-- File Changes --
M app/controllers/passwords_controller.rb (8)
M config/locales/en.yml (5)
M test/controllers/passwords_controller_test.rb (26)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/4555.patch
https://github.com/openstreetmap/openstreetmap-website/pull/4555.diff
Message ID: <openstreetmap/openstreetmap-website/pull/4555 at github.com>
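The behaviour this PR describes, as an added Ruby sketch that is not code from openstreetmap-website or Devise: a reset handler whose response depends on the account lookup, next to a "paranoid" one that answers identically either way. `USERS`, the handler names, the redirect path and the message strings are hypothetical and constructed for the example.

```ruby
require "securerandom"

# Constructed sample data standing in for the user table.
USERS = { "alice@example.org" => { name: "alice" } }.freeze

# Hypothetical wording; the point is that it never says whether the address exists.
PARANOID_NOTICE = "If that email address is registered, a reset link has been sent to it."

# "Before" behaviour: the flash message depends on the lookup result,
# so the form tells any visitor which addresses have accounts.
def revealing_reset(email, outbox)
  key = email.to_s.strip.downcase
  if USERS.key?(key)
    outbox << { to: key, token: SecureRandom.urlsafe_base64(32) }
    { flash: :notice, message: "A reset link is on its way.", redirect: "/login" }
  else
    { flash: :error, message: "Could not find that email address.", redirect: nil }
  end
end

# Paranoid behaviour: mail is queued only for a real account, but the flash
# type, text and redirect returned to the browser are the same on both paths.
# Only queue the mail here; slow inline work on one branch would bring back
# a timing difference between the two cases.
def paranoid_reset(email, outbox)
  key = email.to_s.strip.downcase
  outbox << { to: key, token: SecureRandom.urlsafe_base64(32) } if USERS.key?(key)
  { flash: :notice, message: PARANOID_NOTICE, redirect: "/login" }
end

# Regression check: true when the visible response for a registered address
# differs from the response for an unregistered one.
def leaks_registration?(handler, known:, unknown:)
  method(handler).call(known, []) != method(handler).call(unknown, [])
end

if __FILE__ == $PROGRAM_NAME
  probe = { known: "alice@example.org", unknown: "nobody@example.org" }
  puts "revealing handler leaks: #{leaks_registration?(:revealing_reset, **probe)}"
  puts "paranoid handler leaks:  #{leaks_registration?(:paranoid_reset, **probe)}"
end
```

The comparison covers only the response body fields modelled here; a controller test would also compare status code and redirect target for the two cases.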