Don't send email to unregistered users, hide difference

Fixes #156.
dboehmer · May 17, 2022 · fc1abb2 · fc1abb2
1 parent 2445620
commit fc1abb2
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 36 deletions.
diff --git a/lib/Coocook/Controller/Email.pm b/lib/Coocook/Controller/Email.pm
@@ -57,15 +57,6 @@ sub recovery_link : Private {
     );
 }
 
-sub recovery_unregistered : Private {
-    my ( $self, $c, $email ) = @_;
-
-    $c->stash(
-        email        => { to => $email },
-        register_url => $c->uri_for_action('/user/register'),
-    );
-}
-
 sub verify : Private {
     my ( $self, $c, $user, $token ) = @_;
 

diff --git a/lib/Coocook/Controller/User.pm b/lib/Coocook/Controller/User.pm
@@ -270,9 +270,7 @@ sub post_recover : POST Chained('/base') PathPart('recover') Args(0) Public {
 
         $c->visit( '/email/recovery_link', [ $user, $token ] );
     }
-    else {
-        $c->visit( '/email/recovery_unregistered', [$email_fc] );
-    }
+    else { }    # nothing actually happens, difference invisible
 
     $c->messages->info("Recovery link sent");
     $c->response->redirect( $c->uri_for_action('/index') );

diff --git a/root/email_templates/recovery_unregistered.tt b/root/email_templates/recovery_unregistered.tt
diff --git a/t/lib/Test/Coocook.pm b/t/lib/Test/Coocook.pm
@@ -265,17 +265,17 @@ sub _get_email_body {
 
     my $emails = $self->emails;
 
-    if ( @$emails == 0 ) {
-        carp "no emails stored";
-        return;
-    }
+    {
+        local $Carp::Internal{'Test2::API'}            = 1;
+        local $Carp::Internal{'Test2::Tools::Subtest'} = 1;
+        local $Carp::Internal{'Test::Coocook'}         = 1;
 
-    my $checked = $self->{coocook_checked_email_count} || 1;
+        if ( @$emails == 0 ) {
+            carp "no emails stored";
+            return;
+        }
 
-    {
-        local $Carp::Internal{'Test::Coocook'} = 1;
-        local $Carp::Internal{'Test::Builder'} = 1;
-        local $Carp::Internal{'Test::More'}    = 1;
+        my $checked = $self->{coocook_checked_email_count} || 1;
 
         @$emails > $checked
           and carp "More than 1 email stored";
@@ -413,8 +413,6 @@ sub request_recovery_link_ok {
 
         $self->text_contains('Recovery link sent')
           or note $self->text;
-
-        $self->get_ok_email_link_like( qr/reset_password/, $name || "click email recovery link" );
     };
 }
 

diff --git a/t/user_lifecycle.t b/t/user_lifecycle.t
@@ -304,8 +304,14 @@ subtest "password recovery" => sub {
 
     ok $user->check_password('P@ssw0rd'), "password is same as before";
 
+    $t->request_recovery_link_ok('[email protected]');
+    my $content_unregistered = $t->response->decoded_content;
+
     $t->request_recovery_link_ok('[email protected]');
+    is $t->response->decoded_content => $content_unregistered,
+      "content is same for unregistered email addresses";
 
+    $t->get_ok_email_link_like(qr/reset_password/);
     $t->text_contains('verified');
 
     $t->submit_form_ok(
@@ -344,6 +350,7 @@ subtest "password recovery marks email address verified" => sub {
       "email_verified IS NULL";
 
     $t->request_recovery_link_ok('[email protected]');
+    $t->get_ok_email_link_like(qr/reset_password/);
     $t->submit_form_ok( { with_fields => { map { $_ => 'sUpEr s3cUr3' } 'password', 'password2' } },
         "submit password reset form" );