mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-29 21:13:43 -05:00
Merge pull request #3231 from overleaf/jpa-hide-internal-error-messages
[misc] PasswordResetController: do not expose internal error messages GitOrigin-RevId: 9eca5e7f5367559d5340363ef859589e218e817f
This commit is contained in:
parent
2efd33eae6
commit
fdcf327ae7
2 changed files with 13 additions and 11 deletions
|
@ -5,7 +5,7 @@ const AuthenticationManager = require('../Authentication/AuthenticationManager')
|
|||
const UserGetter = require('../User/UserGetter')
|
||||
const UserUpdater = require('../User/UserUpdater')
|
||||
const UserSessionsManager = require('../User/UserSessionsManager')
|
||||
const logger = require('logger-sharelatex')
|
||||
const OError = require('@overleaf/o-error')
|
||||
const { expressify } = require('../../util/promises')
|
||||
|
||||
async function setNewUserPassword(req, res, next) {
|
||||
|
@ -73,7 +73,9 @@ module.exports = {
|
|||
}
|
||||
RateLimiter.addCount(opts, (err, canContinue) => {
|
||||
if (err != null) {
|
||||
res.status(500).send({ message: err.message })
|
||||
return next(
|
||||
new OError('rate-limit password reset failed').withCause(err)
|
||||
)
|
||||
}
|
||||
if (!canContinue) {
|
||||
return res.status(429).send({
|
||||
|
@ -82,11 +84,10 @@ module.exports = {
|
|||
}
|
||||
PasswordResetHandler.generateAndEmailResetToken(email, (err, status) => {
|
||||
if (err != null) {
|
||||
logger.warn(
|
||||
{ err },
|
||||
'failed to generate and email password reset token'
|
||||
)
|
||||
res.status(500).send({ message: err.message })
|
||||
OError.tag(err, 'failed to generate and email password reset token', {
|
||||
email
|
||||
})
|
||||
next(err)
|
||||
} else if (status === 'primary') {
|
||||
res.status(200).send({
|
||||
message: { text: req.i18n.translate('password_reset_email_sent') }
|
||||
|
|
|
@ -117,12 +117,13 @@ describe('PasswordResetController', function() {
|
|||
this.RateLimiter.addCount.callsArgWith(1, null, true)
|
||||
this.PasswordResetHandler.generateAndEmailResetToken.callsArgWith(
|
||||
1,
|
||||
'error'
|
||||
new Error('error')
|
||||
)
|
||||
this.PasswordResetController.requestReset(this.req, this.res)
|
||||
this.res.statusCode.should.equal(500)
|
||||
this.PasswordResetController.requestReset(this.req, this.res, error => {
|
||||
expect(error).to.exist
|
||||
done()
|
||||
})
|
||||
})
|
||||
|
||||
it("should send a 404 if the email doesn't exist", function(done) {
|
||||
this.RateLimiter.addCount.callsArgWith(1, null, true)
|
||||
|
|
Loading…
Reference in a new issue