Skip to content

Trim the user/email provided for password resets #37495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
come-nc merged 2 commits into from
Apr 5, 2023
Merged

Trim the user/email provided for password resets #37495

come-nc merged 2 commits into from
Apr 5, 2023

Conversation

@joshtrichards
Copy link
Member

@joshtrichards joshtrichards commented Mar 30, 2023
edited
Loading

Summary

Trims the username/email address provided by the user when requesting a lost password reset. This reduces support requests from users that complain about never receiving password reset emails (because we silently - from the user perspective - dropped the request as being a bogus username/email address).

Since this is a workflow where few indicators are provided to the user (to avoid security information leakage), it seems worthwhile to handle this for the user to catch this common and easy/no-risk scenario. We know with certainty that whitespaces are never allowed at the start/end of usernames so this is safe.

TODO

(nothing)

Checklist

@szaimen szaimen added the 3. to review Waiting for reviews label Mar 30, 2023
@szaimen szaimen added this to the Nextcloud 27 milestone Mar 30, 2023
@szaimen szaimen requested review from a team, ArtificialOwl, come-nc and icewind1991 and removed request for a team March 30, 2023 16:31
@joshtrichards joshtrichards mentioned this pull request Mar 30, 2023
Closed
come-nc
come-nc reviewed Apr 3, 2023
View reviewed changes
Copy link
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it should be trimed before being sent to the hook then, no?

@jtrees
Copy link
Contributor

jtrees commented Apr 3, 2023

I am unfamiliar with the Nextcloud code so I cannot review this but I want to thank you for this PR.

@joshtrichards
Trim user earlier
9899b12 
Signed-off-by: Josh Richards <[email protected]>
@joshtrichards
Copy link
Member Author

joshtrichards commented Apr 4, 2023

I think it should be trimed before being sent to the hook then, no?

Indeed @come-nc. Fixed

@joshtrichards joshtrichards requested a review from come-nc April 5, 2023 02:02
@blizzz blizzz added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Apr 5, 2023
@come-nc come-nc merged commit 5063b76 into nextcloud:master Apr 5, 2023
@welcome
Copy link

welcome bot commented Apr 5, 2023

Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22

@jtrees jtrees mentioned this pull request Apr 5, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blizzz blizzz blizzz approved these changes

@come-nc come-nc come-nc approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@icewind1991 icewind1991 Awaiting requested review from icewind1991 icewind1991 is a code owner automatically assigned from nextcloud/server-backend

Assignees

No one assigned

Labels

4. to release Ready to be released and/or waiting for tests to finish

Projects

None yet

Milestone

Nextcloud 27

Development

Successfully merging this pull request may close these issues.

UX: Forgot password form should trim user input

5 participants

@joshtrichards @jtrees @blizzz @come-nc @szaimen