From 04fe7d80bbaf24322cb10310df961e5a2eee2898 Mon Sep 17 00:00:00 2001
From: Barry O'Donovan
Date: Fri, 21 Oct 2022 15:04:45 +0100
Subject: [PATCH] [IM] Make response to forgotten password generic [ref: 055-9-8] Helps prevent username enumeration attacks.
---
 app/Http/Controllers/Auth/ForgotPasswordController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index 8fb791fdc..1708f48fc 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -130,7 +130,7 @@ public function sendResetLinkEmail( Request $r ): RedirectResponse
 */
 protected function sendResetLinkResponse(): RedirectResponse
 {
- AlertContainer::push( 'The reset link has been sent to your email address.', Alert::SUCCESS );
+ AlertContainer::push( 'If your email matches user(s) on the system, then an email listing those users has been sent to you.', Alert::INFO );
 return redirect( route( 'login@login' ) );
 }
@@ -141,7 +141,7 @@ protected function sendResetLinkResponse(): RedirectResponse
 */
 protected function sendResetLinkFailedResponse(): RedirectResponse
 {
- AlertContainer::push( "We can't find a user with that username" , Alert::DANGER );
+ AlertContainer::push( "If your email matches user(s) on the system, then an email listing those users has been sent to you." , Alert::INFO );
 return back();
 }
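Review bot: The new text in sendResetLinkResponse() is the forgotten-username wording: it speaks of an email matching user(s) and a list of users being sent, while this flow, judging by the removed strings, takes a username and sends a reset link. Someone who has just requested a reset is therefore told nothing about a reset link. Wording specific to this flow stays generic without misleading, e.g. `AlertContainer::push( 'If that username exists on the system, a password reset link has been sent to its email address.', Alert::INFO );`. The same applies to sendResetLinkFailedResponse() in the next hunk, and the two should share one constant so the texts cannot drift apart.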
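Review bot: sendResetLinkFailedResponse() still ends in `return back();` while sendResetLinkResponse() redirects to `route( 'login@login' )`, so the redirect target alone reveals whether the username exists, whatever the alert says. For the response to be generic, both paths need the same destination, e.g. `return redirect( route( 'login@login' ) );` here. The docblock above the function starts outside the hunk and may need updating to match.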
@@ -170,7 +170,7 @@ public function sendUsernameEmail( ForgotUsernameRequest $r ) : RedirectResponse
 event( new ForgotUsernameEvent( $users, $r->email ) );
 }
- AlertContainer::push( 'If your email matches user(s) on the system, then an email listing those users has been sent to you.', Alert::SUCCESS );
+ AlertContainer::push( 'If your email matches user(s) on the system, then an email listing those users has been sent to you.', Alert::INFO );
 return Redirect::to( route( "login@showForm" ));
 }
 }
\ No newline at end of file
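Review bot: In sendUsernameEmail() the `event( new ForgotUsernameEvent( ... ) )` call appears to sit inside a block that closes just before the alert, so the request does extra work only when the address matches. If the listener sends the mail synchronously (not visible in this hunk), response time can still separate the two cases even though the message and alert level are now identical. Handling the event on a queue would keep the timing uniform, and a comment such as `// dispatched asynchronously so response time does not reveal a match` above the call would record why. The function body begins outside the hunk.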