MieuxVoter
/
gitea-fork-majority-judgment
mirror of https://github.com/domi41/gitea.git
4
0
Fork 0
Code Issues 8 Releases Wiki Polls Activity

Prevented user enumeration of valid users through HTTP status codes of login (#3639) (#3654)

Browse Source
release/v0.9
LefsFlare 8 years ago committed by 无闻
parent 2bec8a4f1e
commit 2cb5ec5983
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File

6
routers/user/auth.go
Unescape View File

@ -341,8 +341,10 @@ func ForgotPasswdPost(ctx *context.Context) {
u, err := models.GetUserByEmail(email) u, err := models.GetUserByEmail(email)
if err != nil { if err != nil {
if models.IsErrUserNotExist(err) { if models.IsErrUserNotExist(err) {
ctx.Data["Err_Email"] = true ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60
ctx.RenderWithErr(ctx.Tr("auth.email_not_associate"), FORGOT_PASSWORD, nil) ctx.Data["IsResetSent"] = true
ctx.HTML(200, FORGOT_PASSWORD)
return
} else { } else {
ctx.Handle(500, "user.ResetPasswd(check existence)", err) ctx.Handle(500, "user.ResetPasswd(check existence)", err)
} }

Write Preview
Loading…
Cancel
Save