Commit

password reset - add server to logins email, ignore errors on requests for email

This commit has 2 minor changes:
1. add the katello server root url to the email sent to the user containing logins.
   This will give the user quick access to the server.

2. ignore db errors for the password and login unknown requests... this is being done
   on purpose to not give the user hints as to possible valid email addresses, etc., if
   performing malicious attempts to gain access.
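The second change is a user-enumeration defence: a "send me my logins" endpoint must not answer differently for a registered and an unregistered address. The following is an added example, not Katello code and not part of this commit, showing a leaky handler beside a hardened one. It uses a constructed in-memory user table and a hypothetical `find_users_by_email!` that mimics a Rails bang finder (raising when nothing matches); `leaky_logins_request`, `hardened_logins_request` and `UnknownEmail` are names chosen for the example.

```ruby
# Added example (not Katello code): a "forgot my logins" handler that returns an
# identical response whether or not the submitted e-mail address is known, so the
# endpoint cannot be used to enumerate valid addresses.

# Constructed in-memory user table standing in for the User model.
USERS = [
  { username: 'alice',  email: 'alice@example.com' },
  { username: 'alice2', email: 'alice@example.com' },
  { username: 'bob',    email: 'bob@example.com' },
].freeze

# Hypothetical stand-in for ActiveRecord::RecordNotFound.
class UnknownEmail < StandardError; end

# Mimics a bang finder: raises when nothing matches, with the lookup value in the
# message (as Rails' dynamic bang finders do).
def find_users_by_email!(email)
  users = USERS.select { |u| u[:email] == email }
  raise UnknownEmail, "Couldn't find User with email = #{email}" if users.empty?
  users
end

# Leaky variant: the status and the error message (which even echoes the address)
# tell the caller whether the address exists.
def leaky_logins_request(email)
  users = find_users_by_email!(email)
  { status: :ok, message: "Logins sent to #{email}", sent: users.map { |u| u[:username] } }
rescue UnknownEmail => e
  { status: :error, message: e.message, sent: [] }
end

# Hardened variant: the same status and message on every path. The lookup failure
# is logged with a fixed string (no user-controlled data in the log), and the mail
# is only queued when there is something to send. `log` and `mailer` are injected
# arrays so the example runs offline; a real app would use Rails.logger and a mailer.
def hardened_logins_request(email, log: [], mailer: [])
  users = begin
    find_users_by_email!(email)
  rescue UnknownEmail
    log << 'logins request for unknown address'
    []
  end
  mailer << { to: email, logins: users.map { |u| u[:username] } } unless users.empty?
  { status: :ok, message: 'If that address is registered, the logins have been sent.' }
end
```

The hardened handler is only as good as the rest of the request path: the controller must also render the same page and do comparable work on both branches, otherwise the oracle simply moves from the flash message to the response body or timing.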
bbuckingham committed Nov 15, 2011
1 parent d73f521 commit c7cc856
Showing 2 changed files with 3 additions and 8 deletions.
8 changes: 2 additions & 6 deletions src/app/controllers/password_resets_controller.rb
Expand Up @@ -75,19 +75,15 @@ def find_user_by_user_and_email
begin
@user = User.find_by_username_and_email!(params[:username], params[:email])
rescue Exception => error
errors error.to_s, {:persist => false}
redirect_to root_url
execute_after_filters
Rails.logger.error error.to_s
end
end

def find_users_by_email
begin
@users = User.where(:email => params[:email])
rescue Exception => error
errors error.to_s, {:persist => false}
redirect_to root_url
execute_after_filters
Rails.logger.error error.to_s
end
end

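Review bot: the rescue in both find_user_by_user_and_email and find_users_by_email now logs and falls through instead of redirecting, so the calling action continues with @user nil or an empty @users; those callers are not in this hunk, and the enumeration protection only holds if they produce the same response, and do comparable work to avoid a timing difference, on the unknown path as on the success path, so please confirm that. Two smaller points: `rescue Exception` also swallows SystemExit, Interrupt and similar, so `rescue StandardError => error` (or ActiveRecord::ActiveRecordError, matching the "db errors" in the commit message) is the better net; and `Rails.logger.error error.to_s` writes the RecordNotFound message from the bang finder, which includes the lookup values, so the submitted username and email end up in the log, where a fixed string would be preferable. Note also that `User.where(:email => params[:email])` does not raise when no row matches, so in find_users_by_email the rescue will only fire on an actual database failure and @users is simply an empty relation for an unknown address.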
3 changes: 1 addition & 2 deletions src/app/views/user_mailer/logins.text.haml
@@ -1,6 +1,5 @@
#{_("A request has been received to retrieve the Katello logins for email '%s'. The following is a list of those logins:") % @email}
#{_("A request has been received by Katello server '%{s}' to retrieve the logins for email '%{e}'. The following is a list of those logins:" % {:s => root_url, :e => @email})}

- @users.each do |user|
= user.username


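Review bot: the interpolation in the new line is applied inside the _() call (`_("..." % {:s => root_url, :e => @email})`), so the already-substituted string is what gets looked up in the message catalog and it will never match the msgid; the old line had the order right with `_("...") % @email`. Move the `%` outside the translation call: `#{_("A request has been received by Katello server '%{s}' to retrieve the logins for email '%{e}'. The following is a list of those logins:") % {:s => root_url, :e => @email}}`. Also, root_url in a mailer view needs default_url_options[:host] configured for ActionMailer, otherwise URL generation fails when the message is rendered, so confirm that is set in the environment config.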
0 comments on commit c7cc856