prevent log forging when doing password reset init request
atomfrede committed May 6, 2020
1 parent 72d229b commit 426ccab
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -406,7 +406,7 @@ class AccountResource(
} else {
// Pretend the request has been successful to prevent checking which emails really exist
// but log that an invalid attempt has been made
log.warn("Password reset requested for non existing mail '$mail'");
log.warn("Password reset requested for non existing mail");
}
}
<%_ } else { _%>
Expand All @@ -418,7 +418,7 @@ class AccountResource(
} else {
// Pretend the request has been successful to prevent checking which emails really exist
// but log that an invalid attempt has been made
log.warn("Password reset request for non existing email '$mail'")
log.warn("Password reset request for non existing email")
}
}.then()
<%_ } _%>
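Review bot: Both new `log.warn` calls emit a constant string, so every failed reset looks identical in the log and a responder can no longer tell one mistyped address from a sweep over many addresses. If the address is still wanted for detection, the forging risk can be closed by neutralising line breaks rather than dropping the value, e.g. `log.warn("Password reset requested for non existing mail '{}'", mail.replace(Regex("[\r\n]"), "_"))`; this assumes `mail` is a `String` and the logger accepts format arguments, neither of which is visible in the hunks. If leaving the address out is deliberate (for instance to keep personal data out of logs), a short comment above the call such as `// address intentionally not logged: user-controlled input` would record that. The two messages also differ in wording ("requested for … mail" vs "request for … email") and the first keeps a stray `;`. Both enclosing functions start outside the hunks.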
