diff --git a/service-api/app/src/App/src/Service/Log/Output/Email.php b/service-api/app/src/App/src/Service/Log/Output/Email.php new file mode 100644 index 0000000000..d250cef340 --- /dev/null +++ b/service-api/app/src/App/src/Service/Log/Output/Email.php @@ -0,0 +1,19 @@ +email); + } +} diff --git a/service-api/app/src/App/src/Service/User/UserService.php b/service-api/app/src/App/src/Service/User/UserService.php index c55a1f6d08..52eacfd1c9 100644 --- a/service-api/app/src/App/src/Service/User/UserService.php +++ b/service-api/app/src/App/src/Service/User/UserService.php @@ -12,6 +12,7 @@ use App\Exception\GoneException; use App\Exception\NotFoundException; use App\Exception\UnauthorizedException; +use App\Service\Log\Output\Email; use DateTime; use DateTimeInterface; use Exception; @@ -190,7 +191,7 @@ public function requestPasswordReset(string $email): array } catch (Exception $e) { $this->logger->notice( 'Attempt made to reset password for non-existent account', - ['email' => $email] + ['email' => new Email($email)] ); throw $e; diff --git a/service-api/app/test/AppTest/Service/Log/Output/EmailTest.php b/service-api/app/test/AppTest/Service/Log/Output/EmailTest.php new file mode 100644 index 0000000000..6e00132305 --- /dev/null +++ b/service-api/app/test/AppTest/Service/Log/Output/EmailTest.php @@ -0,0 +1,19 @@ +assertMatchesRegularExpression('/.*/', (string)$email); + $this->assertStringNotContainsString('test@test.com', (string)$email); + } +} diff --git a/service-api/app/test/AppTest/Service/User/UserServiceTest.php b/service-api/app/test/AppTest/Service/User/UserServiceTest.php index 8996c87e87..76ba3f053d 100644 --- a/service-api/app/test/AppTest/Service/User/UserServiceTest.php +++ b/service-api/app/test/AppTest/Service/User/UserServiceTest.php 
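Review bot: In the new `Service/Log/Output/Email.php`, the value that reaches the logs appears to be a plain, unkeyed SHA-256 of the address. Most of the class body is missing from this page, but the test added in `UserServiceTest.php` pins the string form to `hash('sha256', $email)`. Email addresses are guessable, so anyone with log access can confirm a candidate address by hashing it; this is pseudonymisation, not removal of the identifier. If the aim is only to correlate log lines for one account, a keyed digest such as `hash_hmac('sha256', $this->email, $secretKey)` (`$secretKey` is a placeholder for a key held outside the logs) keeps that property without allowing offline matching. A class docblock stating what the string form is, and that it must not be treated as anonymous, would help later callers.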
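Review bot: In `requestPasswordReset` (service-api `UserService.php`), `['email' => new Email($email)]` only keeps the address out of the log if the configured formatter renders context objects through `__toString()`. A formatter that serialises object properties instead could emit either the raw address or an empty object, depending on how the property is declared; neither the logger configuration nor the full `Email` class is visible on this page. It is worth covering with a test against the real handler, or passing the string explicitly with `['email' => (string) new Email($email)]`, in which case the `instanceof Email` check in the new test would need adjusting. The enclosing method starts and ends outside the hunk.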
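Review bot: In `EmailTest.php`, `assertMatchesRegularExpression('/.*/', (string)$email)` cannot fail, because `/.*/` matches every string including the empty one. That leaves `assertStringNotContainsString` as the only real check, and an empty or constant return value would satisfy it. Given the SHA-256 digest that the `UserServiceTest` hunk expects, something like `$this->assertMatchesRegularExpression('/^[0-9a-f]{64}$/', (string)$email);` or an assertion on the exact digest would pin the behaviour. The top of the test file is missing from this page, so how `$email` is constructed is not visible.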
@@ -11,6 +11,7 @@ use App\Exception\GoneException; use App\Exception\NotFoundException; use App\Exception\UnauthorizedException; +use App\Service\Log\Output\Email; use App\Service\User\UserService; use DateTime; use Exception; @@ -189,6 +190,36 @@ public function cannot_add_existing_user_as_email_used_in_reset() $us->add($userData); } + /** @test */ + public function logs_Notice_When_Password_Reset_Is_Requested_For_Non_Existent_Account(): void + { + $email = 'nonexistent@example.com'; + $hashed_email = hash('sha256', $email); + + $repoProphecy = $this->prophesize(ActorUsersInterface::class); + $loggerProphecy = $this->prophesize(LoggerInterface::class); + + $repoProphecy + ->recordPasswordResetRequest(Argument::cetera()) + ->willThrow(Exception::class); + + $loggerProphecy + ->notice( + 'Attempt made to reset password for non-existent account', + Argument::that(function ($arg) use ($hashed_email) { + return $arg['email'] instanceof Email && (string)($arg['email']) == $hashed_email; + }) + ) + ->shouldBeCalled(); + + $userService = new UserService($repoProphecy->reveal(), $loggerProphecy->reveal()); + + try { + $userService->requestPasswordReset($email); + } catch (Exception) { + } + } + /** @test */ public function can_get_a_user_from_storage(): void { diff --git a/service-front/app/src/Common/src/Service/User/UserService.php b/service-front/app/src/Common/src/Service/User/UserService.php index 0c9dc4e56f..999c949928 100644 --- a/service-front/app/src/Common/src/Service/User/UserService.php +++ b/service-front/app/src/Common/src/Service/User/UserService.php @@ -117,7 +117,7 @@ public function authenticate(string $credential, ?string $password = null): ?Use 'Authentication failed for {email} with code {code}', [ 'code' => $e->getCode(), - 'email' => $credential, + 'email' =>new Email($credential), ] ); if ($e->getCode() === StatusCodeInterface::STATUS_UNAUTHORIZED) {
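Review bot: The new test in `UserServiceTest.php` ends with an empty `catch (Exception) { }`, so it passes whether or not `requestPasswordReset` rethrows, and it would hide an unrelated exception raised during the call. Replacing the try/catch with `$this->expectException(Exception::class);` before the call states the intent directly. Inside the `Argument::that` closure the digest is compared with `==`; PHP's loose comparison can treat two different all-digit `0e…` hex strings as equal numbers, so `(string)($arg['email']) === $hashed_email` is the safer form. The method name `logs_Notice_When_...` also mixes case where the neighbouring tests use lower snake_case.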
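Review bot: In `authenticate` (service-front `UserService.php`), `new Email($credential)` is introduced with no `use` line in this file's diff, and the `Email` class this commit adds lives in `App\Service\Log\Output` under service-api. Unless service-front already imports an `Email` class outside the hunk, the name will not resolve, and the authentication-failure path will raise a class-not-found error instead of writing the log entry. Confirm the import, or add an equivalent class to service-front with a test that exercises this branch, and restore the spacing: `'email' => new Email($credential),`. Because the message template interpolates `{email}`, also check that the placeholder is filled from the object's string form rather than left unreplaced.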