Bug #66038
closedfelogin: reset password show success message even if mail isn't sent
0%
Description
Have a look at the following Code on GitHub: [[https://github.com/TYPO3/TYPO3.CMS/blob/TYPO3_6-2-11/typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php#L231-L246]]
I think $error
should be set to true
instead of NULL
. The return value from the method generateAndSendHash
should be changed too.
We had a setup and forgot to specify the storagePid
so the query return nothing, but the success-message were shown.
We could detect if the storagePid
is 0
and display a meaningful error message.
Updated by Georg Ringer over 9 years ago
- Status changed from New to Needs Feedback
but this is way exposeNonexistentUserInForgotPasswordDialog is there.
it should not be exposed to the outside if the user exists or not because this would be an easy way to check automatically for existance of users.
changing the mentioned config would solve it to you. that ok?
Updated by Alfred Bez about 9 years ago
We solved our problem by setting the storagePid.
Changing exposeNonexistentUserInForgotPasswordDialog would be ok in our case, but that's not the point. I think it's weird that a success message is shown even if no mail was sent.
Updated by Alexander Opitz over 8 years ago
- Status changed from Needs Feedback to New
- Target version set to 6.2.16
Updated by Riccardo De Contardi about 8 years ago
- Target version changed from 6.2.16 to Candidate for Major Version
Updated by Markus Klein about 6 years ago
- Target version deleted (
Candidate for Major Version)
Updated by Markus Klein about 6 years ago
I think it's weird that a success message is shown even if no mail was sent.
Nope that is actually okay. Otherwise you could simply try out usernames and check whether those are present on the system.
The only thing that should be fixed is a missing storage pid.
Updated by Markus Klein about 6 years ago
- Status changed from New to Closed
This has been fixed with #72424
Updated by Markus Klein about 6 years ago
- Related to Task #72424: Removed deprecated TypoScriptFrontendController options and methods added