[IM] Make response to forgotten password generic [ref: 055-9-8]

Helps prevent username enumeration attacks.
inex · Oct 21, 2022 · 04fe7d8 · 04fe7d8
1 parent bc9b14c
commit 04fe7d8
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -130,7 +130,7 @@ public function sendResetLinkEmail( Request $r ): RedirectResponse
      */
     protected function sendResetLinkResponse(): RedirectResponse
     {
-        AlertContainer::push( 'The reset link has been sent to your email address.', Alert::SUCCESS );
+        AlertContainer::push( 'If your email matches user(s) on the system, then an email listing those users has been sent to you.', Alert::INFO );
         return redirect( route( 'login@login' ) );
     }
 
@@ -141,7 +141,7 @@ protected function sendResetLinkResponse(): RedirectResponse
      */
     protected function sendResetLinkFailedResponse(): RedirectResponse
     {
-        AlertContainer::push( "We can't find a user with that username" , Alert::DANGER );
+        AlertContainer::push( "If your email matches user(s) on the system, then an email listing those users has been sent to you." , Alert::INFO );
         return back();
     }
 
@@ -170,7 +170,7 @@ public function sendUsernameEmail( ForgotUsernameRequest $r ) : RedirectResponse
             event( new ForgotUsernameEvent( $users, $r->email ) );
         }
 
-        AlertContainer::push( 'If your email matches user(s) on the system, then an email listing those users has been sent to you.', Alert::SUCCESS );
+        AlertContainer::push( 'If your email matches user(s) on the system, then an email listing those users has been sent to you.', Alert::INFO );
         return Redirect::to( route( "login@showForm" ));
     }
 }