nodeSolidServer · zg009 · Mar 15, 2024 · Mar 15, 2024 · Mar 15, 2024 · Mar 15, 2024
diff --git a/common/js/auth-buttons.js b/common/js/auth-buttons.js
@@ -39,7 +39,7 @@
 
   // Log the user in on the client and the server
   async function login () {
-    alert(`login from this page is no more possible.\n\nYou must ask the pod owner to modify this page or remove it.`)
+    alert('login from this page is no more possible.\n\nYou must ask the pod owner to modify this page or remove it.')
     /* deprecated since inrupt/solid-auth-client
     const session = await auth.popupLogin()
     if (session) {

diff --git a/common/js/index-buttons.js b/common/js/index-buttons.js
@@ -1,44 +1,43 @@
 'use strict'
-var keyname = 'SolidServerRootRedirectLink';
-function register() { 
-    alert(2); window.location.href = "/register"; 
+const keyname = 'SolidServerRootRedirectLink'
+function register () {
+  alert(2); window.location.href = '/register'
 }
-document.addEventListener('DOMContentLoaded', async function() {
-    const authn = UI.authn
-    const authSession = UI.authn.authSession
+document.addEventListener('DOMContentLoaded', async function () {
+  const authn = UI.authn
+  const authSession = UI.authn.authSession
 
-    if (!authn.currentUser()) await authn.checkUser();
-    let user = authn.currentUser();
+  if (!authn.currentUser()) await authn.checkUser()
+  let user = authn.currentUser()
 
-    // IF LOGGED IN: SET SolidServerRootRedirectLink. LOGOUT
-    if( user ) {
-        window.localStorage.setItem(keyname, user.uri);
-        await authSession.logout();
-    }
-    else {
-        let webId = window.localStorage.getItem(keyname);
+  // IF LOGGED IN: SET SolidServerRootRedirectLink. LOGOUT
+  if (user) {
+    window.localStorage.setItem(keyname, user.uri)
+    await authSession.logout()
+  } else {
+    let webId = window.localStorage.getItem(keyname)
 
-        // IF NOT LOGGED IN AND COOKIE EXISTS: REMOVE COOKIE, HIDE WELCOME, SHOW LINK TO PROFILE
-        if( webId ) {
-        window.localStorage.removeItem(keyname);
-        document.getElementById('loggedIn').style.display = "block";
-        document.getElementById('loggedIn').innerHTML = `<p>Your WebID is : <a href="${webId}">${webId}</a>.</p> <p>Visit your profile to log into your Pod.</p>`;
-        }
+    // IF NOT LOGGED IN AND COOKIE EXISTS: REMOVE COOKIE, HIDE WELCOME, SHOW LINK TO PROFILE
+    if (webId) {
+      window.localStorage.removeItem(keyname)
+      document.getElementById('loggedIn').style.display = 'block'
+      document.getElementById('loggedIn').innerHTML = `<p>Your WebID is : <a href="${webId}">${webId}</a>.</p> <p>Visit your profile to log into your Pod.</p>`
+    }
 
-        // IF NOT LOGGED IN AND COOKIE DOES NOT EXIST  
-        //     SHOW WELCOME, SHOW LOGIN BUTTON
-        //     HIDE LOGIN BUTTON, ADD REGISTER BUTTON
-        else {
-        let loginArea = document.getElementById('loginStatusArea');
-        let html = `<input type="button" onclick="window.location.href='/register'" value="Register to get a Pod" class="register-button">`
-        let span = document.createElement("span")
-        span.innerHTML = html
-        loginArea.appendChild(span);
-        loginArea.appendChild(UI.login.loginStatusBox(document, null, {}))
-        const logInButton = loginArea.querySelectorAll('input')[1];
-        logInButton.value = "Log in to see your WebID";
-        const signUpButton = loginArea.querySelectorAll('input')[2];
-        signUpButton.style.display = "none";
-        }                    
+    // IF NOT LOGGED IN AND COOKIE DOES NOT EXIST
+    //     SHOW WELCOME, SHOW LOGIN BUTTON
+    //     HIDE LOGIN BUTTON, ADD REGISTER BUTTON
+    else {
+      let loginArea = document.getElementById('loginStatusArea')
+      let html = '<input type="button" onclick="window.location.href=\'/register\'" value="Register to get a Pod" class="register-button">'
+      let span = document.createElement('span')
+      span.innerHTML = html
+      loginArea.appendChild(span)
+      loginArea.appendChild(UI.login.loginStatusBox(document, null, {}))
+      const logInButton = loginArea.querySelectorAll('input')[1]
+      logInButton.value = 'Log in to see your WebID'
+      const signUpButton = loginArea.querySelectorAll('input')[2]
+      signUpButton.style.display = 'none'
     }
-})
+  }
+})
diff --git a/default-views/auth/reset-link-sent.hbs b/default-views/auth/reset-link-sent.hbs
@@ -14,7 +14,7 @@
   </div>
 
   <div class="alert alert-success">
-    <p>A Reset Password link has been sent to your email.</p>
+    <p>A Reset Password link has been from the associated email account.</p>
   </div>
 </div>
 </body>

diff --git a/lib/requests/password-reset-email-request.js b/lib/requests/password-reset-email-request.js
@@ -76,7 +76,9 @@ class PasswordResetEmailRequest extends AuthRequest {
   static post (req, res) {
     const request = PasswordResetEmailRequest.fromParams(req, res)
 
-    debug(`User '${request.username}' requested to be sent a password reset email`)
+    debug(
+      `User '${request.username}' requested to be sent a password reset email`
+    )
 
     return PasswordResetEmailRequest.handlePost(request)
   }
@@ -93,9 +95,9 @@ class PasswordResetEmailRequest extends AuthRequest {
     return Promise.resolve()
       .then(() => request.validate())
       .then(() => request.loadUser())
-      .then(userAccount => request.sendResetLink(userAccount))
-      .then(() => request.renderSuccess())
-      .catch(error => request.error(error))
+      .then((userAccount) => request.sendResetLink(userAccount))
+      .then(() => request.resetLinkMessage())
+      .catch((error) => request.error(error))
   }
 
   /**
@@ -120,16 +122,17 @@ class PasswordResetEmailRequest extends AuthRequest {
   loadUser () {
     const username = this.username
 
-    return this.accountManager.accountExists(username)
-      .then(exists => {
-        if (!exists) {
-          throw new Error('Account not found for that username')
-        }
+    return this.accountManager.accountExists(username).then((exists) => {
+      if (!exists) {
+        // For security reason avoid leaking error information
+        // See: https://github.com/nodeSolidServer/node-solid-server/issues/1770
+        return this.resetLinkMessage()
+      }
 
-        const userData = { username }
+      const userData = { username }
 
-        return this.accountManager.userAccountFrom(userData)
-      })
+      return this.accountManager.userAccountFrom(userData)
+    })
   }
 
   /**
@@ -143,14 +146,17 @@ class PasswordResetEmailRequest extends AuthRequest {
   sendResetLink (userAccount) {
     const accountManager = this.accountManager
 
-    return accountManager.loadAccountRecoveryEmail(userAccount)
-      .then(recoveryEmail => {
+    return accountManager
+      .loadAccountRecoveryEmail(userAccount)
+      .then((recoveryEmail) => {
         userAccount.email = recoveryEmail
 
         debug('Sending recovery email to:', recoveryEmail)
 
-        return accountManager
-          .sendPasswordResetEmail(userAccount, this.returnToUrl)
+        return accountManager.sendPasswordResetEmail(
+          userAccount,
+          this.returnToUrl
+        )
       })
   }
 
@@ -191,7 +197,7 @@ class PasswordResetEmailRequest extends AuthRequest {
   /**
    * Displays the 'your reset link has been sent' success message view
    */
-  renderSuccess () {
+  resetLinkMessage () {
     this.response.render('auth/reset-link-sent')
   }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,7 +14,7 @@ @@
       </div>
       <div class="alert alert-success">
-        <p>A Reset Password link has been sent to your email.</p>
+        <p>A Reset Password link has been from the associated email account.</p>
       </div>
     </div>
     </body>
@@ Expand Down @@