mirror of https://github.com/flarum/core.git synced 2025-08-06 00:17:31 +02:00

fix: password reset leaks user existence (#3616)

Sami Mazouz
2022-09-14 15:57:52 +01:00
committed by GitHub
parent fc4d5e3d43
commit 84c31165e5
6 changed files with 98 additions and 164 deletions


@@ -70,4 +70,19 @@ class SendPasswordResetEmailTest extends TestCase
$this->assertEquals(429, $response->getStatusCode());
}
/** @test */
public function request_password_reset_does_not_leak_user_existence()
{
$response = $this->send(
$this->request('POST', '/api/forgot', [
'authenticatedAs' => 3,
'json' => [
'email' => 'missing_user@machine.local'
]
])
);
$this->assertEquals(204, $response->getStatusCode());
}
}
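Review bot: `request_password_reset_does_not_leak_user_existence` checks only the status code for an unknown address, so it would still pass if the response for a missing account differed from the registered-account response in its body or headers. Adding `$this->assertSame('', (string) $response->getBody());` after the 204 assertion would pin the empty body as well; whether a matching assertion exists for a registered address is not visible, since the class body starts outside this hunk. The request is also sent with `'authenticatedAs' => 3`, while account enumeration is mainly a concern for callers without a session, so a guest variant of the same request would be worth covering. A short comment above the test, e.g. `// Unknown addresses must get the same 204 as registered ones, so the endpoint cannot be used to probe for accounts.`, would record why 204 is expected here.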