rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-02-26 20:54:21 +01:00
Code Issues Releases Activity

prevents users enumeration attacks by not giving any info about the validity of the email

Browse Source
This commit is contained in:
Nicolas Florentin 2022-07-29 16:02:58 +02:00
parent acbd327f6d
commit 98c7da492d
6 changed files with 13 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/controllers/confirmations_controller.rb
View File

@ -2,6 +2,17 @@
# Devise controller to handle validation of email addresses # Devise controller to handle validation of email addresses
class ConfirmationsController < Devise::ConfirmationsController class ConfirmationsController < Devise::ConfirmationsController
# POST /resource/confirmation
def create
self.resource = resource_class.send_confirmation_instructions(resource_params)
yield resource if block_given?
if successfully_sent?(resource)
respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
end
end
# The path used after confirmation. # The path used after confirmation.
def after_confirmation_path_for(_resource_name, resource) def after_confirmation_path_for(_resource_name, resource)
signed_in_root_path(resource) signed_in_root_path(resource)

2
app/controllers/passwords_controller.rb
View File

@ -9,8 +9,6 @@ class PasswordsController < Devise::PasswordsController
if successfully_sent?(resource) if successfully_sent?(resource)
respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name)) respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
else
head 404
end end
end end

12
app/frontend/src/javascript/controllers/application.js
View File

@ -504,14 +504,8 @@ Application.Controllers.controller('ApplicationController', ['$rootScope', '$sco
controller: ['$scope', '$uibModalInstance', '$http', function ($scope, $uibModalInstance, $http) { controller: ['$scope', '$uibModalInstance', '$http', function ($scope, $uibModalInstance, $http) {
$scope.user = { email: '' }; $scope.user = { email: '' };
$scope.sendReset = function () { $scope.sendReset = function () {
$scope.alerts = [];
return $http.post('/users/password.json', { user: $scope.user }).then(function () { return $http.post('/users/password.json', { user: $scope.user }).then(function () {
$uibModalInstance.close(); $uibModalInstance.close();
}).catch(function () {
$scope.alerts.push({
msg: _t('app.public.common.your_email_address_is_unknown'),
type: 'danger'
});
}); });
}; };
}] }]
@ -526,14 +520,8 @@ Application.Controllers.controller('ApplicationController', ['$rootScope', '$sco
controller: ['$scope', '$uibModalInstance', '$http', function ($scope, $uibModalInstance, $http) { controller: ['$scope', '$uibModalInstance', '$http', function ($scope, $uibModalInstance, $http) {
$scope.user = { email: '' }; $scope.user = { email: '' };
$scope.submitConfirmationNewForm = function () { $scope.submitConfirmationNewForm = function () {
$scope.alerts = [];
return $http.post('/users/confirmation.json', { user: $scope.user }).then(function () { return $http.post('/users/confirmation.json', { user: $scope.user }).then(function () {
$uibModalInstance.close(); $uibModalInstance.close();
}).catch(function (res) {
$scope.alerts.push({
msg: res.data.errors.email[0],
type: 'danger'
});
}); });
}; };
}] }]

1
app/frontend/templates/shared/ConfirmationNewModal.html
View File

@ -4,7 +4,6 @@
<h1 translate>{{ 'app.public.common.confirm_my_account' }}</h1> <h1 translate>{{ 'app.public.common.confirm_my_account' }}</h1>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<uib-alert ng-repeat="alert in alerts" type="{{alert.type}}" close="closeAlert($index)">{{alert.msg}}</uib-alert>
<div class="panel panel-default bg-light"> <div class="panel panel-default bg-light">
<div class="panel-body"> <div class="panel-body">
<p translate>{{ 'app.public.common.you_will_receive_confirmation_instructions_by_email' }}</p> <p translate>{{ 'app.public.common.you_will_receive_confirmation_instructions_by_email' }}</p>

1
app/frontend/templates/shared/passwordNewModal.html
View File

@ -4,7 +4,6 @@
<h1 translate>{{ 'app.public.common.password_forgotten' }}</h1> <h1 translate>{{ 'app.public.common.password_forgotten' }}</h1>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<uib-alert ng-repeat="alert in alerts" type="{{alert.type}}" close="closeAlert($index)">{{alert.msg}}</uib-alert>
<div class="panel panel-default bg-light"> <div class="panel panel-default bg-light">
<div class="panel-body"> <div class="panel-body">
<form name="passwordNewForm" class="form-horizontal" ng-keydown="passwordNewForm.$valid && $event.which == 13 && sendReset()"> <form name="passwordNewForm" class="form-horizontal" ng-keydown="passwordNewForm.$valid && $event.which == 13 && sendReset()">

5
config/locales/app.public.en.yml
View File

@ -101,7 +101,7 @@ en:
used_for_reservation: "This data will be used in case of change on one of your bookings" used_for_reservation: "This data will be used in case of change on one of your bookings"
used_for_profile: "This data will only be displayed on your profile" used_for_profile: "This data will only be displayed on your profile"
public_profile: "You will have a public profile and other users will be able to associate you in their projects" public_profile: "You will have a public profile and other users will be able to associate you in their projects"
you_will_receive_confirmation_instructions_by_email_detailed: "You will receive an email with instructions about how to confirm your account in a few minutes." you_will_receive_confirmation_instructions_by_email_detailed: "If your e-mail address is valid, you will receive an email with instructions about how to confirm your account in a few minutes."
#password modification modal #password modification modal
change_your_password: "Change your password" change_your_password: "Change your password"
your_new_password: "Your new password" your_new_password: "Your new password"
@ -117,8 +117,7 @@ en:
#confirmation modal #confirmation modal
you_will_receive_confirmation_instructions_by_email: "You will receive confirmation instructions by email." you_will_receive_confirmation_instructions_by_email: "You will receive confirmation instructions by email."
#forgotten password modal #forgotten password modal
your_email_address_is_unknown: "Your e-mail address is unknown." you_will_receive_in_a_moment_an_email_with_instructions_to_reset_your_password: "If your e-mail address is valid, you will receive in a moment an e-mail with instructions to reset your password."
you_will_receive_in_a_moment_an_email_with_instructions_to_reset_your_password: "You will receive in a moment, an e-mail with instructions to reset your password."
#Fab-manager's version #Fab-manager's version
version: "Version:" version: "Version:"
upgrade_fabmanager: "Upgrade Fab-manager" upgrade_fabmanager: "Upgrade Fab-manager"