From 5c1f6367064ec0c3464f4eb533143fac26a435c2 Mon Sep 17 00:00:00 2001 From: Andres Campanario Date: Tue, 12 Mar 2024 13:06:31 +0100 Subject: [PATCH 1/3] respond with a generic message instead of 'That account does not exist' --- src/Controller/Traits/PasswordManagementTrait.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Controller/Traits/PasswordManagementTrait.php b/src/Controller/Traits/PasswordManagementTrait.php index 56a1383f..b0324f91 100644 --- a/src/Controller/Traits/PasswordManagementTrait.php +++ b/src/Controller/Traits/PasswordManagementTrait.php @@ -164,20 +164,20 @@ public function requestResetPassword() 'type' => 'password', ]); if ($resetUser) { - $msg = __d('cake_d_c/users', 'Please check your email to continue with password reset process'); + $msg = __d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.'); $this->Flash->success($msg); } else { - $msg = __d('cake_d_c/users', 'The password token could not be generated. Please try again'); + $msg = __d('cake_d_c/users', 'There was an error please contact Administrator'); $this->Flash->error($msg); } return $this->redirect(['action' => 'login']); - } catch (UserNotFoundException $exception) { - $this->Flash->error(__d('cake_d_c/users', 'User {0} was not found', $reference)); - } catch (UserNotActiveException $exception) { - $this->Flash->error(__d('cake_d_c/users', 'The user is not active')); + } catch (UserNotFoundException | UserNotActiveException $exception) { + $msg = __d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.'); + $this->Flash->success($msg); } catch (Exception $exception) { - $this->Flash->error(__d('cake_d_c/users', 'Token could not be reset')); + $msg = __d('cake_d_c/users', 'There was an error please contact Administrator'); + $this->Flash->error($msg); $this->log($exception->getMessage()); } } 
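Review bot: The combined `catch (UserNotFoundException | UserNotActiveException $exception)` branch flashes the generic message but does not return the redirect that the found-user path does, so the two outcomes still differ in the HTTP response. The integration tests touched in patch 2/3 pin this difference: the valid-email case asserts `assertRedirect('/login')` while the invalid-email case asserts `assertResponseOk()`, which leaves account existence observable from the status code alone. Adding `return $this->redirect(['action' => 'login']);` after `$this->Flash->success($msg);` in that catch would make both responses identical, and the invalid-email test should then assert the redirect as well. The generic text is also repeated three times in this hunk and would be easier to keep consistent if held in one local variable. requestResetPassword() starts and ends outside the hunk, so anything done after the try block is not visible here.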
From 158dd5ee96537d0005486f323eaa5fe96148221e Mon Sep 17 00:00:00 2001 From: Andres Campanario Date: Tue, 12 Mar 2024 17:34:35 +0100 Subject: [PATCH 2/3] fix tests --- .../Integration/PasswordManagementTraitIntegrationTest.php | 4 ++-- .../Controller/Traits/PasswordManagementTraitTest.php | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/TestCase/Controller/Traits/Integration/PasswordManagementTraitIntegrationTest.php b/tests/TestCase/Controller/Traits/Integration/PasswordManagementTraitIntegrationTest.php index 96c85888..5950f97e 100644 --- a/tests/TestCase/Controller/Traits/Integration/PasswordManagementTraitIntegrationTest.php +++ b/tests/TestCase/Controller/Traits/Integration/PasswordManagementTraitIntegrationTest.php @@ -61,7 +61,7 @@ public function testRequestResetPasswordPostValidEmail() ]; $this->post('/users/request-reset-password', $data); $this->assertRedirect('/login'); - $this->assertFlashMessage('Please check your email to continue with password reset process'); + $this->assertFlashMessage('If the account is valid, the system will send an instructional email to the address on record.'); $userAfter = $Table->find()->where(['email' => '4@example.com'])->firstOrFail(); $this->assertNotEquals('token-4', $userAfter->token); $this->assertNotEmpty($userAfter->token); @@ -107,6 +107,6 @@ public function testRequestResetPasswordPostInvalidEmail() ]; $this->post('/users/request-reset-password', $data); $this->assertResponseOk(); - $this->assertFlashMessage('User someother.un@example.com was not found'); + $this->assertFlashMessage('If the account is valid, the system will send an instructional email to the address on record.'); } } diff --git a/tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php b/tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php index 9a3d8a6a..8384ad9a 100644 --- a/tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php 
+++ b/tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php @@ -401,7 +401,7 @@ public function testRequestPasswordEmptyReference() ->will($this->returnValue($reference)); $this->Trait->Flash->expects($this->any()) ->method('error') - ->with('Token could not be reset'); + ->with('There was an error please contact Administrator'); $this->Trait->expects($this->never()) ->method('redirect'); @@ -431,8 +431,8 @@ public function testEnsureUserActiveForResetPasswordFeature($ensureActive) ->with('reference') ->will($this->returnValue($reference)); $this->Trait->Flash->expects($expectError) - ->method('error') - ->with('The user is not active'); + ->method('success') + ->with('If the account is valid, the system will send an instructional email to the address on record.'); $this->Trait->requestResetPassword(); $this->assertNotEquals('xxx', $this->table->get('00000000-0000-0000-0000-000000000001')->token); } From 5da6e897082bb22e3dcddd543bb96ba24fc8ced3 Mon Sep 17 00:00:00 2001 From: Andres Campanario Date: Wed, 13 Mar 2024 09:47:00 +0100 Subject: [PATCH 3/3] fix test testEnsureUserActiveForResetPasswordFeature --- .../TestCase/Controller/Traits/PasswordManagementTraitTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php b/tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php index 8384ad9a..dcbd7d1b 100644 --- a/tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php +++ b/tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php @@ -415,7 +415,7 @@ public function testRequestPasswordEmptyReference() */ public function testEnsureUserActiveForResetPasswordFeature($ensureActive) { - $expectError = $this->never(); + $expectError = $this->any(); if ($ensureActive) { Configure::write('Users.Registration.ensureActive', true);
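Review bot: In the `@@ -431,8 +431,8 @@` hunk the expectation on `Flash->success` is still driven by `$expectError`, which patch 3/3 then initialises to `$this->any()`, so with `ensureActive` off the test no longer asserts anything about the flash message. Since the generic text is now meant to appear whether or not the account is usable, a fixed `->expects($this->once())` would pin that property for both data-provider cases; this presumes the `ensureActive` branch, whose body continues past the visible lines, already sets a stricter matcher. The variable would also read more clearly under a name such as `$expectFlash`, now that it guards `success` rather than `error`.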