avoid exposing registered email addresses

2026-03-21 21:37:29 +00:00 · 2022-07-13 13:28:07 +02:00
parent d82bb22341
commit 9bbfc2de3f
2 changed files with 3 additions and 2 deletions
--- a/src/main/app/js/controllers.js
+++ b/src/main/app/js/controllers.js
@@ -1683,7 +1683,7 @@ module.controller("LoginCtrl", [
        }

        var recovery_success = function (data) {
-            $scope.recovery_message = "Email has ben sent. Check your inbox."
+            $scope.recovery_message = "An email has been sent if this address was registered. Check your inbox."
        }
        var recovery_error = function (data) {
            $scope.recovery_message = data.data
--- a/src/main/java/com/commafeed/frontend/resource/UserREST.java
+++ b/src/main/java/com/commafeed/frontend/resource/UserREST.java
@@ -259,8 +259,9 @@ public class UserREST {
 	public Response sendPasswordReset(@Valid @ApiParam(required = true) PasswordResetRequest req) {
 		User user = userDAO.findByEmail(req.getEmail());
 		if (user == null) {
-			return Response.status(Status.PRECONDITION_FAILED).entity("Email not found.").type(MediaType.TEXT_PLAIN).build();
+			return Response.ok().build();
 		}
+
 		try {
 			user.setRecoverPasswordToken(DigestUtils.sha1Hex(UUID.randomUUID().toString()));
 			user.setRecoverPasswordTokenDate(new Date());