From 9937af7ac4ad43a28a3d29a06732cf0f16f3b3a7 Mon Sep 17 00:00:00 2001
From: Erick Guan
Date: Wed, 10 Dec 2014 14:17:49 +0800
Subject: [PATCH 1/2] disable sending email or show presence when forgot system user password
---
 app/controllers/session_controller.rb | 5 +++--
 spec/controllers/session_controller_spec.rb | 14 +++++++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 1f8680e31..536278779 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -120,14 +120,15 @@ class SessionController < ApplicationController
 RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed!
 user = User.find_by_username_or_email(params[:login])
- if user.present?
+ user_presence = user.present? && user.id != -1
+ if user_presence
 email_token = user.email_tokens.create(email: user.email)
 Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
 end
 json = { result: "ok" }
 unless SiteSetting.forgot_password_strict
- json[:user_found] = user.present?
+ json[:user_found] = user_presence
 end
 render json: json
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index a46c6b9c0..97abfe81e 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -134,7 +134,7 @@ describe SessionController do
 @sso.name = @reversed_name
 @suggested_username = UserNameSuggester.suggest(@sso.username || @sso.name || @sso.email)
- @suggested_name = User.suggest_name(@sso.name || @sso.username || @sso.email)
+ @suggested_name = User.suggest_name(@sso.name || @sso.username || @sso.email)
 @user.create_single_sign_on_record(external_id: '997', last_payload: '')
 end
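Review bot: In the session_controller.rb hunk at `@@ -120,14 +120,15 @@`, `user_presence` no longer means "the lookup found a user". It now carries a policy decision (the system account is never eligible for a reset), and nothing in the code says so. A name such as `can_reset`, plus a comment like `# Never issue a reset token for the system account, and report it as not found`, would keep a later reader from simplifying it back to `user.present?`. Note also that `user_found` remains an account-existence signal for every other login whenever `forgot_password_strict` is off, and the only throttle visible here is the per-IP limiter in the context lines. The action's body starts and ends outside the hunk.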
@@ -431,6 +431,18 @@ describe SessionController do
 end
 end
+ context 'do nothing to system username' do
+ let(:user) { User.find(-1) }
+
+ it 'generates no token for system username' do
+ lambda { xhr :post, :forgot_password, login: user.username}.should_not change(EmailToken, :count)
+ end
+
+ it 'enqueues no email' do
+ Jobs.expects(:enqueue).never
+ xhr :post, :forgot_password, login: user.username
+ end
+ end
 end
 describe '.current' do
From ceca85c9eb88c3a89aa179419a72c192b97a7331 Mon Sep 17 00:00:00 2001
From: Erick Guan
Date: Thu, 18 Dec 2014 18:21:06 +0800
Subject: [PATCH 2/2] use system user helper and constant when it's referred
---
 app/controllers/session_controller.rb | 2 +-
 spec/controllers/session_controller_spec.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 536278779..e58f0447d 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -120,7 +120,7 @@ class SessionController < ApplicationController
 RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed!
 user = User.find_by_username_or_email(params[:login])
- user_presence = user.present? && user.id != -1
+ user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID
 if user_presence
 email_token = user.email_tokens.create(email: user.email)
 Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 97abfe81e..b16fdeff3 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
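Review bot: The new examples in the spec hunk at `@@ -431,6 +431,18 @@` cover the token and the mail job, but not the other half of the change: the `user_found` value returned when `forgot_password_strict` is disabled. An example that turns the setting off, posts the system username and asserts that `user_found` is false would pin that behaviour. The controller looks the account up with `find_by_username_or_email`, so repeating the checks with `login: user.email` is worth having as well. The setting stub below is a sketch in the spec's mocha style; adjust it to however this suite toggles site settings.

```ruby
# … unchanged: 'generates no token' and 'enqueues no email' examples …

it 'reports the system username as not found' do
  SiteSetting.stubs(:forgot_password_strict).returns(false)
  xhr :post, :forgot_password, login: user.username
  ::JSON.parse(response.body)['user_found'].should == false
end
```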
@@ -432,7 +432,7 @@ describe SessionController do
 end
 context 'do nothing to system username' do
- let(:user) { User.find(-1) }
+ let(:user) { Discourse.system_user }
 it 'generates no token for system username' do
 lambda { xhr :post, :forgot_password, login: user.username}.should_not change(EmailToken, :count)