Generic password reset (#730)

* feat: generic error message on password reset * chore: php dep update * chore: pnpm dep update * test: fix ci test to handle new password reset message
dfo-osdt · Aug 26, 2024 · 99992c2 · 99992c2
1 parent 2332777
commit 99992c2
Show file tree

Hide file tree

Showing 9 changed files with 234 additions and 237 deletions.
diff --git a/app/Http/Controllers/Auth/PasswordResetLinkController.php b/app/Http/Controllers/Auth/PasswordResetLinkController.php
@@ -42,12 +42,8 @@ public function store(Request $request): JsonResponse
             ])
             ->log('password.reset.request');
 
-        if ($status != Password::RESET_LINK_SENT) {
-            throw ValidationException::withMessages([
-                'email' => [__($status)],
-            ]);
-        }
-
-        return response()->json(['status' => __($status)]);
+        // for the user, we always want to return the same messsage
+        // to prevent user enumeration
+        return response()->json(['status' => __('passwords.recovery')]);
     }
 }
diff --git a/composer.lock b/composer.lock
diff --git a/lang/en/passwords.php b/lang/en/passwords.php
@@ -5,5 +5,6 @@
     "sent" => "We have emailed your password reset link!",
     "throttled" => "Please wait before retrying.",
     "token" => "This password reset token is invalid.",
-    "user" => "We can't find a user with that email address."
+    "user" => "We can't find a user with that email address.",
+    "recovery" => "If the email address is registered, you will receive an email with instructions on how to reset your password.",
 ];
diff --git a/lang/fr/passwords.php b/lang/fr/passwords.php
@@ -5,5 +5,6 @@
     "sent" => "Nous avons envoyé votre lien de réinitialisation de mot de passe par courriel.",
     "throttled" => "Veuillez attendre avant de réessayer.",
     "token" => "Ce jeton de réinitialisation de mot de passe n'est pas valide.",
-    "user" => "Nous ne pouvons pas trouver un utilisateur avec ce courriel."
+    "user" => "Nous ne pouvons pas trouver un utilisateur avec ce courriel.",
+    "recovery" => "Si l'adresse courriel est enregistrée, vous recevrez un courriel avec des instructions sur la façon de réinitialiser votre mot de passe.",
 ];
diff --git a/package.json b/package.json
@@ -12,7 +12,7 @@
     "@intlify/unplugin-vue-i18n": "^4.0.0",
     "@quasar/extras": "^1.16.12",
     "@vitejs/plugin-vue": "^5.1.2",
-    "@vueuse/core": "^11.0.1",
+    "@vueuse/core": "^11.0.3",
     "dompurify": "^3.1.6",
     "pinia": "^2.2.2",
     "quasar": "^2.16.9",
@@ -21,13 +21,13 @@
     "vue-router": "^4.4.3"
   },
   "devDependencies": {
-    "@antfu/eslint-config": "^2.27.0",
+    "@antfu/eslint-config": "^2.27.1",
     "@quasar/vite-plugin": "^1.7.0",
     "@types/dompurify": "^3.0.5",
     "@types/node": "^22.5.0",
-    "axios": "^1.7.4",
+    "axios": "^1.7.5",
     "cypress": "^13.13.3",
-    "eslint": "^9.9.0",
+    "eslint": "^9.9.1",
     "eslint-plugin-quasar": "^1.1.0",
     "globals": "^15.9.0",
     "laravel-vite-plugin": "^1.0.5",