From 2cb5ec598388f5281e01e17e650421103b562b30 Mon Sep 17 00:00:00 2001
From: LefsFlare <LefsFlarey@users.noreply.github.com>
Date: Mon, 17 Oct 2016 10:08:40 +0800
Subject: [PATCH] Prevented user enumeration of valid users through HTTP status
 codes of login (#3639) (#3654)

---
 routers/user/auth.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/routers/user/auth.go b/routers/user/auth.go
index 031ac026b..7117f1ec7 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -341,8 +341,10 @@ func ForgotPasswdPost(ctx *context.Context) {
 	u, err := models.GetUserByEmail(email)
 	if err != nil {
 		if models.IsErrUserNotExist(err) {
-			ctx.Data["Err_Email"] = true
-			ctx.RenderWithErr(ctx.Tr("auth.email_not_associate"), FORGOT_PASSWORD, nil)
+			ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60
+			ctx.Data["IsResetSent"] = true
+			ctx.HTML(200, FORGOT_PASSWORD)
+			return
 		} else {
 			ctx.Handle(500, "user.ResetPasswd(check existence)", err)
 		}
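Review bot: The not-found branch under `models.IsErrUserNotExist(err)` hand-copies what is presumably the success-path response, and nothing in the added lines says the two must stay identical; if the known-address path later changes its template data or status code, the responses diverge and the enumeration signal returns. I would add `// Respond exactly as for a known address so the reply does not reveal whether the email is registered.` above `ctx.Data["Hours"]`, and ideally have both paths call one shared helper that sets `Hours`, `IsResetSent` and renders `FORGOT_PASSWORD`. Response time may still differ between the two cases, since the known-address path presumably sends mail further down, outside this hunk; that is worth checking. With the added `return`, the `else` around `ctx.Handle(500, ...)` is no longer needed and the 500 case can be left-aligned. ForgotPasswdPost starts before and continues after the hunk, so the success path is not visible here.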