Merge pull request #1079 from CakeDC/feature/37116.cake4

respond with a generic message instead of 'That account does not exist'

Author: steinkel

src/Controller/Traits/PasswordManagementTrait.php

@@ -164,20 +164,20 @@ public function requestResetPassword()
                 'type' => 'password',
             ]);
             if ($resetUser) {
-                $msg = __d('cake_d_c/users', 'Please check your email to continue with password reset process');
+                $msg = __d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.');
                 $this->Flash->success($msg);
             } else {
-                $msg = __d('cake_d_c/users', 'The password token could not be generated. Please try again');
+                $msg = __d('cake_d_c/users', 'There was an error please contact Administrator');
                 $this->Flash->error($msg);
             }
 
             return $this->redirect(['action' => 'login']);
-        } catch (UserNotFoundException $exception) {
-            $this->Flash->error(__d('cake_d_c/users', 'User {0} was not found', $reference));
-        } catch (UserNotActiveException $exception) {
-            $this->Flash->error(__d('cake_d_c/users', 'The user is not active'));
+        } catch (UserNotFoundException | UserNotActiveException $exception) {
+            $msg = __d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.');
+            $this->Flash->success($msg);
         } catch (Exception $exception) {
-            $this->Flash->error(__d('cake_d_c/users', 'Token could not be reset'));
+            $msg = __d('cake_d_c/users', 'There was an error please contact Administrator');
+            $this->Flash->error($msg);
             $this->log($exception->getMessage());
         }
     }

tests/TestCase/Controller/Traits/Integration/PasswordManagementTraitIntegrationTest.php

@@ -61,7 +61,7 @@ public function testRequestResetPasswordPostValidEmail()
         ];
         $this->post('/users/request-reset-password', $data);
         $this->assertRedirect('/login');
-        $this->assertFlashMessage('Please check your email to continue with password reset process');
+        $this->assertFlashMessage('If the account is valid, the system will send an instructional email to the address on record.');
         $userAfter = $Table->find()->where(['email' => '4@example.com'])->firstOrFail();
         $this->assertNotEquals('token-4', $userAfter->token);
         $this->assertNotEmpty($userAfter->token);
@@ -107,6 +107,6 @@ public function testRequestResetPasswordPostInvalidEmail()
         ];
         $this->post('/users/request-reset-password', $data);
         $this->assertResponseOk();
-        $this->assertFlashMessage('User someother.un@example.com was not found');
+        $this->assertFlashMessage('If the account is valid, the system will send an instructional email to the address on record.');
     }
 }

tests/TestCase/Controller/Traits/PasswordManagementTraitTest.php

@@ -401,7 +401,7 @@ public function testRequestPasswordEmptyReference()
                 ->will($this->returnValue($reference));
         $this->Trait->Flash->expects($this->any())
             ->method('error')
-            ->with('Token could not be reset');
+            ->with('There was an error please contact Administrator');
 
         $this->Trait->expects($this->never())
             ->method('redirect');
@@ -415,7 +415,7 @@ public function testRequestPasswordEmptyReference()
      */
     public function testEnsureUserActiveForResetPasswordFeature($ensureActive)
     {
-        $expectError = $this->never();
+        $expectError = $this->any();
 
         if ($ensureActive) {
             Configure::write('Users.Registration.ensureActive', true);
@@ -431,8 +431,8 @@ public function testEnsureUserActiveForResetPasswordFeature($ensureActive)
                 ->with('reference')
                 ->will($this->returnValue($reference));
         $this->Trait->Flash->expects($expectError)
-            ->method('error')
-            ->with('The user is not active');
+            ->method('success')
+            ->with('If the account is valid, the system will send an instructional email to the address on record.');
         $this->Trait->requestResetPassword();
         $this->assertNotEquals('xxx', $this->table->get('00000000-0000-0000-0000-000000000001')->token);
     }