Merge pull request #3231 from overleaf/jpa-hide-internal-error-messages

[misc] PasswordResetController: do not expose internal error messages

GitOrigin-RevId: 9eca5e7f5367559d5340363ef859589e218e817f
This commit is contained in:
Simon Detheridge 2020-09-28 11:51:57 +01:00 committed by Copybot
parent 2efd33eae6
commit fdcf327ae7
2 changed files with 13 additions and 11 deletions


@ -5,7 +5,7 @@ const AuthenticationManager = require('../Authentication/AuthenticationManager')
const UserGetter = require('../User/UserGetter') const UserGetter = require('../User/UserGetter')
const UserUpdater = require('../User/UserUpdater') const UserUpdater = require('../User/UserUpdater')
const UserSessionsManager = require('../User/UserSessionsManager') const UserSessionsManager = require('../User/UserSessionsManager')
const logger = require('logger-sharelatex') const OError = require('@overleaf/o-error')
const { expressify } = require('../../util/promises') const { expressify } = require('../../util/promises')
async function setNewUserPassword(req, res, next) { async function setNewUserPassword(req, res, next) {
@ -73,7 +73,9 @@ module.exports = {
} }
RateLimiter.addCount(opts, (err, canContinue) => { RateLimiter.addCount(opts, (err, canContinue) => {
if (err != null) { if (err != null) {
res.status(500).send({ message: err.message }) return next(
new OError('rate-limit password reset failed').withCause(err)
)
} }
if (!canContinue) { if (!canContinue) {
return res.status(429).send({ return res.status(429).send({
@ -82,11 +84,10 @@ module.exports = {
} }
PasswordResetHandler.generateAndEmailResetToken(email, (err, status) => { PasswordResetHandler.generateAndEmailResetToken(email, (err, status) => {
if (err != null) { if (err != null) {
logger.warn( OError.tag(err, 'failed to generate and email password reset token', {
{ err }, email
'failed to generate and email password reset token' })
) next(err)
res.status(500).send({ message: err.message })
} else if (status === 'primary') { } else if (status === 'primary') {
res.status(200).send({ res.status(200).send({
message: { text: req.i18n.translate('password_reset_email_sent') } message: { text: req.i18n.translate('password_reset_email_sent') }
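Review bot: `next(err)` in the generateAndEmailResetToken callback is not returned, whereas the rate-limit branch in the previous hunk uses `return next(...)`; the `else if` chain makes the fall-through harmless today, but `return next(err)` keeps the two error paths uniform and survives a later restructuring of the chain. The new path also depends on the application's error-handling middleware never echoing `err.message` back to the client, which is exactly what this commit sets out to stop, and nothing on this page shows that handler, so it is worth confirming it renders a generic body. Tagging the error with `email` means the request-supplied address now travels with the error into whatever that handler logs; if that is intended for correlation, a comment such as `// email is attached for log correlation only; it is never sent to the client` would make the contract explicit. The enclosing requestReset handler starts and ends outside the hunk.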


@ -117,11 +117,12 @@ describe('PasswordResetController', function() {
this.RateLimiter.addCount.callsArgWith(1, null, true) this.RateLimiter.addCount.callsArgWith(1, null, true)
this.PasswordResetHandler.generateAndEmailResetToken.callsArgWith( this.PasswordResetHandler.generateAndEmailResetToken.callsArgWith(
1, 1,
'error' new Error('error')
) )
this.PasswordResetController.requestReset(this.req, this.res) this.PasswordResetController.requestReset(this.req, this.res, error => {
this.res.statusCode.should.equal(500) expect(error).to.exist
done() done()
})
}) })
it("should send a 404 if the email doesn't exist", function(done) { it("should send a 404 if the email doesn't exist", function(done) {