Bug #94200: Reset password command wrongly states that a password reset email was sent - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #94200

closed

Reset password command wrongly states that a password reset email was sent

Added by Oliver Bartsch over 3 years ago. Updated about 3 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Oliver Bartsch

Category:

CLI

Target version:

Start date:

2021-05-26

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

To prevent information disclosure, the password reset process does not reveal if an email was sent or not (since the methods just return void).

However, the ResetPasswordCommand will always display a success message Sent out an email to "some@email.com" requesting to set a new password., as soon as the input arguments are valid and password reset is enabled. But in case a password reset for an admin user is requested, while passwordResetForAdmins is not enabled, no email will be sent. So the message is highly misleading.

To fix this, the message should only inform about the successfully initiated password reset process.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #94200

Reset password command wrongly states that a password reset email was sent

Updated by Gerrit Code Review over 3 years ago

Updated by Oliver Bartsch over 3 years ago

Updated by Gerrit Code Review over 3 years ago

Updated by Oliver Bartsch over 3 years ago

Updated by Benni Mack about 3 years ago