[Technical] [Security] The password recovery request must return a single response #2654

Merged
merged 2 commits into from
Jun 6, 2024
34 changes: 9 additions & 25 deletions src/Controller/Security/UserAccountController.php
Expand Up @@ -37,18 +37,13 @@ public function requestLoginLink(
user: $user,
)
);

return $this->render('security/login_link_sent.html.twig', [
'title' => 'Lien d\'activation envoyé !',
'message' => 'Vous allez recevoir un courriel contenant un lien vous pemettant de créer votre mot de passe afin d\'activer votre compte.',
'email' => $email,
]);
}
if ($user && User::STATUS_ACTIVE === $user->getStatut()) {
$this->addFlash('error', 'Votre compte est déjà activé, vous pouvez vous connecter');
} else {
$this->addFlash('error', 'Cette adresse ne correspond à aucun compte, vérifiez votre saisie');
}

return $this->render('security/login_link_sent.html.twig', [
'title' => 'Lien d\'activation',
'message' => 'Si un compte inactif existe pour le courriel indiqué vous allez recevoir un courriel contenant un lien vous pemettant de créer votre mot de passe afin d\'activer votre compte.',
'email' => $email,
]);
}

return $this->render('security/login_activation.html.twig');
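Review bot: the new 'message' string in requestLoginLink still carries the typo "pemettant" (should be "permettant") copied from the removed string, and it reads better with a comma after "indiqué". Since the two flash messages that told an already-active account apart from an unknown address are gone, a functional test asserting that the rendered page is the same for an inactive account, an active account and an unknown email would keep this single-response behaviour from regressing.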
Expand All @@ -72,23 +67,12 @@ public function requestNewPass(
user: $user
)
);

return $this->render('security/login_link_sent.html.twig', [
'title' => 'Lien de récupération envoyé !',
'message' => 'Vous allez recevoir un courriel contenant un lien vous permettant de réinitialiser votre mot de passe.',
'email' => $email,
]);
}

$typeError = 'DEFAULT';
if ($user && User::STATUS_ACTIVE !== $user->getStatut()) {
$typeError = 'STATUS';
}

return $this->render('security/reset_password.html.twig', [
'title' => $title,
return $this->render('security/login_link_sent.html.twig', [
'title' => 'Lien de récupération',
'message' => 'Si un compte actif existe pour le courriel indiqué vous allez recevoir un courriel contenant un lien vous permettant de réinitialiser votre mot de passe.',
'email' => $email,
'typeError' => $typeError,
]);
}
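Review bot: with the `$typeError = 'STATUS'` branch gone from requestNewPass, a user whose account is not yet active gets the neutral page and no pointer toward activation. Consider having the neutral text mention account activation as an alternative for every requester, which keeps the response identical for all inputs while still helping that case. The new 'message' string also needs a comma after "indiqué".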

3 changes: 1 addition & 2 deletions templates/security/login_link_sent.html.twig
Expand Up @@ -10,8 +10,7 @@
<p class="fr-callout__text fr-mb-5v">
{{ message }}
</p>
<em class="fr-fi-information-line fr-text--light fr-text-label--blue-france">Ce courriel à été envoyé à
l'adresse: {{ email }}</em>
<em class="fr-fi-information-line fr-text--light fr-text-label--blue-france">Vérifiez vos courriels sur {{ email }}</em>
</header>
</section>
</main>
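Review bot: in the `<em>` line, `{{ email }}` is the submitted value reflected back, and the controller now passes 'email' => $email to this template on the neutral path as well, so it can be an address that matches no account. Keep Twig's default escaping on it (no `|raw`) and, if it is not already done upstream, reject values that are not a well-formed address before rendering.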
22 changes: 1 addition & 21 deletions templates/security/reset_password.html.twig
Expand Up @@ -14,27 +14,7 @@
Vous recevrez un courriel avec un lien vous permettant de réinitialiser votre mot de passe.
</em>
</header>
<form action="{{ path('login_mdp_perdu') }}" class="needs-validation fr-mt-5v fr-col-md-6"
name="login-activation-form" method="POST" novalidate="">
{% if typeError is defined %}
{% if typeError == 'STATUS' %}
<div role="alert" class="fr-alert fr-alert--error fr-alert--sm fr-mb-5w">
<p class="fr-alert__title">Compte inactif</p>
<p>
Aucun compte actif ne correspond à l'adresse e-mail "{{email}}".
<br>
Vous pouvez essayer l'<a href="{{ path('login_activation') }}">activation de votre compte.</a>
</p>
</div>
{% else %}
<div role="alert" class="fr-alert fr-alert--error fr-alert--sm fr-mb-5w">
<p class="fr-alert__title">Aucun compte correspondant</p>
<p>
Aucun utilisateur ne correspond à l'adresse e-mail "{{email}}".
</p>
</div>
{% endif %}
{% endif %}
<form action="{{ path('login_mdp_perdu') }}" class="needs-validation fr-mt-5v fr-col-md-6" name="login-activation-form" method="POST" novalidate="">
<div class="fr-input-group">
<label class="fr-label" for="login-email">
Courriel
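Review bot: the rewritten `<form>` tag in reset_password.html.twig keeps name="login-activation-form" although it posts to path('login_mdp_perdu'), which looks copied from the activation form; rename it to match the reset flow. Joining the tag onto one long line also hurts readability, so the previous two-line layout could be kept.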