diff --git a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee index 53a0a8bb6e..d5030cffaa 100644 --- a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee +++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee @@ -1,6 +1,6 @@ PasswordResetHandler = require("./PasswordResetHandler") RateLimiter = require("../../infrastructure/RateLimiter") - +logger = require "logger-sharelatex" module.exports = @@ -18,11 +18,13 @@ module.exports = RateLimiter.addCount opts, (err, canCompile)-> if !canCompile return res.send 500, { message: req.i18n.translate("rate_limit_hit_wait")} - PasswordResetHandler.generateAndEmailResetToken email, (err)-> + PasswordResetHandler.generateAndEmailResetToken email, (err, exists)-> if err? res.send 500, {message:err?.message} - else + else if exists res.send 200 + else + res.send 404, {message: req.i18n.translate("cant_find_email")} renderSetPasswordForm: (req, res)-> res.render "user/setPassword", diff --git a/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee b/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee index 62dcc70a8c..eee8d51a72 100644 --- a/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee +++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee 
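Review bot: The new final branch in requestReset, `res.send 404, {message: req.i18n.translate("cant_find_email")}`, answers differently for unknown addresses than for known ones (200), so this unauthenticated endpoint now confirms whether an email is registered. The same signal travels through the `exists` argument added in PasswordResetHandler.coffee and is shown to the user by the asyncForm.coffee change. The `RateLimiter.addCount` call above slows repeated queries, but its options sit outside the hunk, so its strength cannot be judged from here. Consider sending the same status and a neutral message in both branches, e.g. `res.send 200, {message: req.i18n.translate("<neutral_reset_message_key>")}` (placeholder key), and keeping the found/not-found distinction in the server log only. requestReset begins above the hunk.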
@@ -8,18 +8,20 @@ logger = require("logger-sharelatex") module.exports = - generateAndEmailResetToken:(email, callback)-> + generateAndEmailResetToken:(email, callback = (error, exists) ->)-> UserGetter.getUser email:email, (err, user)-> if err then return callback(err) if !user? logger.err email:email, "user could not be found for password reset" - return callback(message:"Can't find that email, sorry.") + return callback(null, false) PasswordResetTokenHandler.getNewToken user._id, (err, token)-> if err then return callback(err) emailOptions = to : email setNewPasswordUrl : "#{settings.siteUrl}/user/password/set?passwordResetToken=#{token}" - EmailHandler.sendEmail "passwordResetRequested", emailOptions, callback + EmailHandler.sendEmail "passwordResetRequested", emailOptions, (error) -> + return callback(error) if error? + callback null, true setNewUserPassword: (token, password, callback)-> PasswordResetTokenHandler.getUserIdFromTokenAndExpire token, (err, user_id)-> diff --git a/services/web/public/coffee/directives/asyncForm.coffee b/services/web/public/coffee/directives/asyncForm.coffee index f38dc40e6e..eb9a73b435 100644 --- a/services/web/public/coffee/directives/asyncForm.coffee +++ b/services/web/public/coffee/directives/asyncForm.coffee @@ -43,7 +43,7 @@ define [ response.success = false response.error = true response.message = - text: data.message?.text or "Something went wrong talking to the server :(. Please try again." + text: data.message?.text or data.message or "Something went wrong talking to the server :(. Please try again." type: 'error' ga('send', 'event', formName, 'failure', data.message) } diff --git a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee index 6b9968318e..c7665e0546 100644 --- a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee 
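Review bot: The not-found path calls `callback(null, false)` directly after `UserGetter.getUser`, while the found path calls back only after `getNewToken` and `EmailHandler.sendEmail` have finished, so response time differs with account existence even if the controller returned identical status codes. If the reply is meant to be neutral, the token and email work could be moved off the response path (for example a background job, with failures logged server-side); that changes how send errors reach the caller, so it needs a decision rather than a drop-in edit. The new callback contract is also undocumented; a comment such as `# callback(error, exists): exists is false when no user matches the email; do not surface it to unauthenticated clients` above `generateAndEmailResetToken` would help.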
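Review bot: `data.message?.text or data.message or "..."` now copies whatever the server put in `message` into `response.message.text`. That includes a non-string object when `message` has no `text` property, and the raw `err?.message` that PasswordResetController returns on its 500 path. Limiting the fallback to strings keeps the shape predictable: `text: data.message?.text or (data.message if typeof data.message is 'string') or "Something went wrong talking to the server :(. Please try again."`. How the template renders `message.text` is not visible here; it should be bound as text rather than HTML, since the value is now server-controlled. The enclosing error handler starts and ends outside the hunk.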
+++ b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee @@ -39,7 +39,7 @@ describe "PasswordResetController", -> describe "requestReset", -> it "should error if the rate limit is hit", (done)-> - @PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1) + @PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, null, true) @RateLimiter.addCount.callsArgWith(1, null, false) @res.send = (code)=> code.should.equal 500 @@ -50,7 +50,7 @@ describe "PasswordResetController", -> it "should tell the handler to process that email", (done)-> @RateLimiter.addCount.callsArgWith(1, null, true) - @PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1) + @PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, null, true) @res.send = (code)=> code.should.equal 200 @PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.trim()).should.equal true @@ -65,11 +65,19 @@ describe "PasswordResetController", -> done() @PasswordResetController.requestReset @req, @res + it "should send a 404 if the email doesn't exist", (done)-> + @RateLimiter.addCount.callsArgWith(1, null, true) + @PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, null, false) + @res.send = (code)=> + code.should.equal 404 + done() + @PasswordResetController.requestReset @req, @res + it "should lowercase the email address", (done)-> @email = "UPerCaseEMAIL@example.Com" @req.body.email = @email @RateLimiter.addCount.callsArgWith(1, null, true) - @PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1) + @PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, null, true) @res.send = (code)=> code.should.equal 200 @PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.toLowerCase()).should.equal true 
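Review bot: The added test `should send a 404 if the email doesn't exist` asserts only the status code, because `@res.send = (code)=>` ignores the body, so a missing or wrong message would still pass. Capturing the second argument, `@res.send = (code, body)=>` followed by `should.exist(body.message)`, would pin what the client actually receives; this presumes `@req.i18n.translate` is stubbed in the setup, which is outside the hunk. This test also fixes the 200/404 split between known and unknown addresses as expected behaviour, so it will need updating if the response is made uniform.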
diff --git a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee index 99ffe69dce..ce5aaa0f75 100644 --- a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee +++ b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee @@ -42,8 +42,8 @@ describe "PasswordResetHandler", -> it "should check the user exists", (done)-> @UserGetter.getUser.callsArgWith(1) @PasswordResetTokenHandler.getNewToken.callsArgWith(1) - @PasswordResetHandler.generateAndEmailResetToken @user.email, (err)=> - should.exist(err) + @PasswordResetHandler.generateAndEmailResetToken @user.email, (err, exists)=> + exists.should.equal false done() @@ -52,8 +52,9 @@ describe "PasswordResetHandler", -> @UserGetter.getUser.callsArgWith(1, null, @user) @PasswordResetTokenHandler.getNewToken.callsArgWith(1, null, @token) @EmailHandler.sendEmail.callsArgWith(2) - @PasswordResetHandler.generateAndEmailResetToken @user.email, (err)=> + @PasswordResetHandler.generateAndEmailResetToken @user.email, (err, exists)=> @EmailHandler.sendEmail.called.should.equal true + exists.should.equal true args = @EmailHandler.sendEmail.args[0] args[0].should.equal "passwordResetRequested" args[1].setNewPasswordUrl.should.equal "#{@settings.siteUrl}/user/password/set?passwordResetToken=#{@token}"
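Review bot: In `should check the user exists`, replacing `should.exist(err)` with `exists.should.equal false` leaves `err` unchecked and never asserts that nothing else happened for an unknown address. Adding `should.not.exist(err)`, `@PasswordResetTokenHandler.getNewToken.called.should.equal false` and `@EmailHandler.sendEmail.called.should.equal false` before `done()` would catch a regression that issues a token or sends mail for a user that does not exist. The second hunk's `exists.should.equal true` would likewise benefit from a preceding `should.not.exist(err)`.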