From 98c1b93133e3710b4f9afff0dfeffbc3f5cd6a5a Mon Sep 17 00:00:00 2001 From: TomatoCake <60300461+DEVTomatoCake@users.noreply.github.com> Date: Wed, 21 Aug 2024 20:50:42 +0200 Subject: [PATCH] Send 204 regardless of user existance --- src/api/routes/auth/forgot.ts | 66 +++++++---------------------------- 1 file changed, 13 insertions(+), 53 deletions(-) diff --git a/src/api/routes/auth/forgot.ts b/src/api/routes/auth/forgot.ts index 6fa86021..d5a8a2f4 100644 --- a/src/api/routes/auth/forgot.ts +++ b/src/api/routes/auth/forgot.ts @@ -1,31 +1,24 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ import { getIpAdress, route, verifyCaptcha } from "@spacebar/api"; -import { - Config, - Email, - FieldErrors, - ForgotPasswordSchema, - User, -} from "@spacebar/util"; +import { Config, Email, ForgotPasswordSchema, User } from "@spacebar/util"; import { Request, Response, Router } from "express"; -import { HTTPError } from "lambert-server"; const router = Router(); router.post( @@ -37,9 +30,6 @@ router.post( 400: { body: "APIErrorOrCaptchaResponse", }, - 500: { - body: "APIErrorResponse", - }, }, }), async (req: Request, res: Response) => { 
@@ -71,50 +61,20 @@ router.post(
 }
 }
- const user = await User.findOneOrFail({
+ res.sendStatus(204);
+
+ const user = await User.findOne({
 where: [{ phone: login }, { email: login }],
- select: ["username", "id", "disabled", "deleted", "email"],
- relations: ["security_keys"],
- }).catch(() => {
- throw FieldErrors({
- login: {
- message: req.t("auth:password_reset.EMAIL_DOES_NOT_EXIST"),
- code: "EMAIL_DOES_NOT_EXIST",
- },
- });
- });
+ select: ["username", "id", "email"],
+ }).catch(() => {});
- if (!user.email)
- throw FieldErrors({
- login: {
- message:
- "This account does not have an email address associated with it.",
- code: "NO_EMAIL",
- },
- });
-
- if (user.deleted)
- return res.status(400).json({
- message: "This account is scheduled for deletion.",
- code: 20011,
- });
-
- if (user.disabled)
- return res.status(400).json({
- message: req.t("auth:login.ACCOUNT_DISABLED"),
- code: 20013,
- });
-
- return await Email.sendResetPassword(user, user.email)
- .then(() => {
- return res.sendStatus(204);
- })
- .catch((e) => {
+ if (user && user.email) {
+ Email.sendResetPassword(user, user.email).catch((e) => {
 console.error(
- `Failed to send password reset email to ${user.username}#${user.discriminator}: ${e}`,
+ `Failed to send password reset email to ${user.username}#${user.discriminator} (${user.id}): ${e}`,
 );
- throw new HTTPError("Failed to send password reset email", 500);
 });
+ }
 },
 );
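Review bot: The new `if (user && user.email)` guard sends a reset email to accounts the old code refused, because `disabled` and `deleted` were dropped from `select` together with the 400 responses that revealed them. Returning 204 for everyone does not require mailing those accounts; keep the two columns and skip the send silently, e.g. `select: ["username", "discriminator", "id", "email", "disabled", "deleted"],` and `if (user?.email && !user.disabled && !user.deleted) {` — assuming the reset flow is not meant to be available to such accounts, which this hunk does not show. Adding `discriminator` also fixes the log line, which interpolates `user.discriminator` although that column is never selected. The empty `.catch(() => {})` on `User.findOne` hides database failures now that the client always sees 204, so it should at least `console.error` the error. The handler this code sits in opens above the hunk.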