YDA-5724: same flow for existing and non-existing accounts

UtrechtUniversity · May 23, 2024 · f0538c2 · f0538c2
1 parent 85944ef
commit f0538c2
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 10 deletions.
diff --git a/yoda_eus/app.py b/yoda_eus/app.py
@@ -344,14 +344,6 @@ def process_forgot_password() -> Response:
             errors = {"errors": ["Please enter your user name (email address)"]}
             return render_template('forgot-password.html', **errors)
 
-        user = User.query.filter_by(username=username).first()
-
-        if user is None:
-            errors = {"errors": ["User name not found. Only external users can reset their password."]}
-            response = make_response(render_template('forgot-password.html', **errors))
-            response.status_code = 404
-            return response
-
         if (not is_email_valid(username) and app.config.get("MAIL_ONLY_TO_VALID_ADDRESS").lower() == "true"):
             errors = {
                 "errors": ["Unable to send password reset email, "
@@ -361,6 +353,11 @@ def process_forgot_password() -> Response:
             response.status_code = 404
             return response
 
+        user = User.query.filter_by(username=username).first()
+        if user is None:
+            # User name not found. Only external users can reset their password.
+            return render_template("forgot-password-successful.html"), 200
+
         # Generate and update user hash
         secret_hash = get_random_hash()
         user.hash = secret_hash

diff --git a/yoda_eus/templates/web/forgot-password-successful.html b/yoda_eus/templates/web/forgot-password-successful.html
@@ -12,7 +12,7 @@
     <div class="offset-md-2 col-md-8">
         <div class="card">
             <div class="card-body">
-            We have sent you an email to reset your password.
+            If an account is associated with this email address, you will soon receive an email with instructions to reset your password.
             </div>
         </div>
     </div>

diff --git a/yoda_eus/tests/test_integration.py b/yoda_eus/tests/test_integration.py
@@ -102,7 +102,7 @@ def test_forgot_password_show_form(self, test_client):
     def test_forgot_password_nonexistent(self, test_client):
         with test_client as c:
             response = c.post('/user/forgot-password', data={"username": "doesnotexist"})
-            assert response.status_code == 404
+            assert response.status_code == 200
 
     def test_forgot_password_existing(self, test_client):
         auth_headers = {'X-Yoda-External-User-Secret': 'dummy_api_secret'}