Bug #66038

closed

felogin: reset password show success message even if mail isn't sent

Added by Alfred Bez about 9 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: felogin
Target version: -
Start date: 2015-03-26
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 6.2
PHP Version: 5.6
Tags:
Complexity: easy
Is Regression: No
Sprint Focus:

Description

Have a look at the following code on GitHub: https://github.com/TYPO3/TYPO3.CMS/blob/TYPO3_6-2-11/typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php#L231-L246

I think $error should be set to true instead of NULL. The return value from the method generateAndSendHash should be changed too.

We had a setup and forgot to specify the storagePid, so the query returned nothing, but the success message was shown.

We could detect if the storagePid is 0 and display a meaningful error message.


Related issues 2 (0 open, 2 closed)

Related to TYPO3 Core - Bug #64626: Rewrite fe_login to Fluid (Rejected, 2015-01-30)
Related to TYPO3 Core - Task #72424: Removed deprecated TypoScriptFrontendController options and methods (Closed, Benni Mack, 2015-12-23)

Actions #1

Updated by Georg Ringer about 9 years ago

  • Status changed from New to Needs Feedback

But this is why exposeNonexistentUserInForgotPasswordDialog is there.

It should not be exposed to the outside whether the user exists or not, because this would be an easy way to check automatically for the existence of users.

Changing the mentioned config would solve it for you. Is that OK?

Actions #2

Updated by Xavier Perseguers about 9 years ago

ping

Actions #3

Updated by Alfred Bez almost 9 years ago

We solved our problem by setting the storagePid.
Changing exposeNonexistentUserInForgotPasswordDialog would be ok in our case, but that's not the point. I think it's weird that a success message is shown even if no mail was sent.

Actions #4

Updated by Alexander Opitz over 8 years ago

  • Status changed from Needs Feedback to New
  • Target version set to 6.2.16
Actions #5

Updated by Riccardo De Contardi almost 8 years ago

  • Target version changed from 6.2.16 to Candidate for Major Version
Actions #6

Updated by Markus Klein almost 6 years ago

  • Target version deleted (Candidate for Major Version)
Actions #7

Updated by Markus Klein almost 6 years ago

> I think it's weird that a success message is shown even if no mail was sent.

Nope that is actually okay. Otherwise you could simply try out usernames and check whether those are present on the system.

The only thing that should be fixed is a missing storage pid.

Actions #8

Updated by Markus Klein almost 6 years ago

  • Status changed from New to Closed

This has been fixed with #72424

Actions #9

Updated by Markus Klein almost 6 years ago

  • Related to Task #72424: Removed deprecated TypoScriptFrontendController options and methods added
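
The distinction drawn in notes #1 and #7 (one uniform success message for every login, but a missing storagePid that is still detected), as an added example that is not part of the original thread or of TYPO3's felogin code. The class, callbacks and sample data are hypothetical, and PHP 8 is assumed:

```php
<?php
declare(strict_types=1);

// Added example: all names are hypothetical; this is not TYPO3 felogin code.
final class ForgotPasswordHandler
{
    private const NOTICE = 'If the account exists, a reset link has been sent.';
    public function __construct(
        private int $storagePid,     // page id holding user records; 0 = not configured
        private \Closure $findUser,  // fn(string $login, int $pid): ?array
        private \Closure $sendMail,  // fn(array $user, string $token): bool
        private \Closure $log        // fn(string $message): void, operator-side only
    ) {}

    public function handle(string $login): array
    {
        // A missing storagePid does not depend on the submitted login, so
        // reporting it reveals nothing about which accounts exist.
        if ($this->storagePid <= 0) {
            ($this->log)('forgot password: storagePid is not configured');
            return ['status' => 'config_error', 'message' => 'Password reset is unavailable.'];
        }
        $user = ($this->findUser)(trim($login), $this->storagePid);
        if ($user === null) {
            ($this->log)('forgot password: no matching user');
        } elseif (!($this->sendMail)($user, bin2hex(random_bytes(32)))) {
            ($this->log)('forgot password: mail not sent for uid ' . $user['uid']);
        }
        // Same visible response whether or not a user matched or the mail went out.
        return ['status' => 'ok', 'message' => self::NOTICE];
    }
}

// Constructed sample data and stand-in callbacks.
$users = [['uid' => 7, 'pid' => 42, 'username' => 'alice']];
$find = function (string $login, int $pid) use ($users): ?array {
    foreach ($users as $u) {
        if ($u['pid'] === $pid && $u['username'] === $login) {
            return $u;
        }
    }
    return null;
};
$send = fn(array $user, string $token): bool => true;
$log = function (string $m): void { error_log($m); };

$handler = new ForgotPasswordHandler(42, $find, $send, $log);
var_dump($handler->handle('alice') === $handler->handle('nobody'));
var_dump((new ForgotPasswordHandler(0, $find, $send, $log))->handle('alice')['status']);
```

Response timing can still differ between the two paths because mail is only sent for a match; handing the mail to a queue is one way to narrow that gap.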