do not return error when user doesn't exist on forgot_password

2020-04-27 22:57:55 +02:00 · 2020-04-27 22:57:55 +02:00 · a069fe7b6a
parent 26a094469b
commit a069fe7b6a
2 changed files with 9 additions and 9 deletions
--- a/app/auth/templates/auth/forgot_password.html
+++ b/app/auth/templates/auth/forgot_password.html
@ -16,8 +16,7 @@

      <div class="form-group">
        <label class="form-label">Email address</label>
-        {{ form.email(class="form-control", type="email",
-            placeholder="The email address associated with your SimpleLogin account") }}
+        {{ form.email(class="form-control", type="email") }}
        {{ render_field_errors(form.email) }}
      </div>

--- a/app/auth/views/forgot_password.py
+++ b/app/auth/views/forgot_password.py
@ -1,4 +1,4 @@
-from flask import request, render_template, redirect, url_for
+from flask import request, render_template, redirect, url_for, flash
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators

@ -17,14 +17,15 @@ def forgot_password():

    if form.validate_on_submit():
        email = form.email.data.strip().lower()
+        flash(
+            "If your email is correct, you are going to receive an email to reset your password",
+            "success",
+        )

        user = User.get_by(email=email)

-        if not user:
-            error = "No such user, are you sure the email is correct?"
-            return render_template("auth/forgot_password.html", form=form, error=error)
-
-        send_reset_password_email(user)
-        return redirect(url_for("auth.forgot_password"))
+        if user:
+            send_reset_password_email(user)
+            return redirect(url_for("auth.forgot_password"))

    return render_template("auth/forgot_password.html", form=form)