@@ -82,7 +82,8 class AccountController < ApplicationController | |||
|
82 | 82 | return |
|
83 | 83 | else |
|
84 | 84 | if request.post? |
|
85 |
|
|
|
85 | email = params[:mail].to_s | |
|
86 | user = User.find_by_mail(email) | |
|
86 | 87 | # user not found |
|
87 | 88 | unless user |
|
88 | 89 | flash.now[:error] = l(:notice_account_unknown_email) |
@@ -100,7 +101,9 class AccountController < ApplicationController | |||
|
100 | 101 | # create a new token for password recovery |
|
101 | 102 | token = Token.new(:user => user, :action => "recovery") |
|
102 | 103 | if token.save |
|
103 | Mailer.lost_password(token).deliver | |
|
104 | # Don't use the param to send the email | |
|
105 | recipent = user.mails.detect {|e| e.downcase == email.downcase} || user.mail | |
|
106 | Mailer.lost_password(token, recipent).deliver | |
|
104 | 107 | flash[:notice] = l(:notice_account_lost_email_sent) |
|
105 | 108 | redirect_to signin_path |
|
106 | 109 | return |
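Review bot: In the token-save branch the new local is spelled `recipent`; rename it to `recipient` so it matches the `Mailer.lost_password` parameter it feeds. The comment `# Don't use the param to send the email` gives the rule without the reason, and I would expand it to `# Send only to an address stored on the account, never to params[:mail]: the lookup may accept input that is not string-equal to any stored address`. The `|| user.mail` fallback is what keeps that guarantee when the `downcase` comparison finds no match, which is worth saying in the same comment. How `User.find_by_mail` matches is not visible here, so the "may accept" wording is an assumption to confirm; the enclosing action starts and ends outside these hunks.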
@@ -289,11 +289,12 class Mailer < ActionMailer::Base | |||
|
289 | 289 | :subject => l(:mail_subject_register, Setting.app_title) |
|
290 | 290 | end |
|
291 | 291 | |
|
292 | def lost_password(token) | |
|
292 | def lost_password(token, recipient=nil) | |
|
293 | 293 | set_language_if_valid(token.user.language) |
|
294 | recipient ||= token.user.mail | |
|
294 | 295 | @token = token |
|
295 | 296 | @url = url_for(:controller => 'account', :action => 'lost_password', :token => token.value) |
|
296 |
mail :to => |
|
|
297 | mail :to => recipient, | |
|
297 | 298 | :subject => l(:mail_subject_lost_password, Setting.app_title) |
|
298 | 299 | end |
|
299 | 300 |
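Review bot: `lost_password` now sends the recovery link to whatever `recipient` the caller passes, and nothing in the method says or checks that the address belongs to `token.user`. The caller shown in this commit passes a stored address, but a later caller could pass request input; a comment above the method such as `# recipient must be one of token.user's stored addresses; defaults to the primary address` would record the contract. If the team prefers to enforce it, a guard like `recipient = token.user.mail unless token.user.mails.include?(recipient)` keeps the invariant inside the mailer. Minor style: `recipient=nil` would read better as `recipient = nil`.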
@@ -304,6 +304,20 class AccountControllerTest < ActionController::TestCase | |||
|
304 | 304 | end |
|
305 | 305 | end |
|
306 | 306 | |
|
307 | def test_lost_password_using_additional_email_address_should_send_email_to_the_address | |
|
308 | EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar') | |
|
309 | Token.delete_all | |
|
310 | ||
|
311 | assert_difference 'ActionMailer::Base.deliveries.size' do | |
|
312 | assert_difference 'Token.count' do | |
|
313 | post :lost_password, :mail => 'ANOTHERaddress@foo.bar' | |
|
314 | assert_redirected_to '/login' | |
|
315 | end | |
|
316 | end | |
|
317 | mail = ActionMailer::Base.deliveries.last | |
|
318 | assert_equal ['anotherAddress@foo.bar'], mail.bcc | |
|
319 | end | |
|
320 | ||
|
307 | 321 | def test_lost_password_for_unknown_user_should_fail |
|
308 | 322 | Token.delete_all |
|
309 | 323 | assert_no_difference 'Token.count' do |
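Review bot: The new test pins the recipient but not which account the recovery token was issued for, so a regression that mails the right address with a token for a different user would still pass. After the `assert_difference` blocks, add `assert_equal User.find(2), Token.first.user` (the table was emptied by `Token.delete_all`, so the only row is the new token). The assertion on `mail.bcc` with the stored spelling `anotherAddress@foo.bar` is the useful part and should stay as is. The following test, `test_lost_password_for_unknown_user_should_fail`, continues outside the hunk.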