Don't send mail when neither username nor email is found.

soegaard · Jan 24, 2020 · 61c7cef · 61c7cef
1 parent 4c405a0
commit 61c7cef
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/app-racket-stories/control.rkt b/app-racket-stories/control.rkt
@@ -327,9 +327,12 @@
   (def result (html-reset-password-sent-page))
   (def ue  (get-binding #"usernameoremail" bytes->string/utf-8))
   (def u   (or (get-user/username ue) (get-user/email ue)))
-  (def t   (new-reset-password-token #:user u))
-  (def url (~a "https://racket-stories.com/password-recovery/" t))
-  (send-reset-password-email (user-email u) (user-username u) url)
+  (when (user? u)
+    ; don't do anything if the username/email is not found
+    ; (we can't reveal which email adresses we have as users)
+    (def t   (new-reset-password-token #:user u))
+    (def url (~a "https://racket-stories.com/password-recovery/" t))
+    (send-reset-password-email (user-email u) (user-username u) url))
   (response/output (λ (out) (display result out))))
 
 (define (do-password-recovery req token)

diff --git a/app-racket-stories/model.rkt b/app-racket-stories/model.rkt
@@ -807,7 +807,24 @@ HERE
      ]
     [_ (void)]))
 
-
 #;(begin (current-database (connect-to-database))
          (drop-tables)
          (init-database))
+
+;;;
+;;; Schema -> PostGresql SQL
+;;;
+
+; The generates the SQL used to create the table.
+
+;; (require (prefix-in ast: deta/private/ast)
+;;          deta/private/schema
+;;          deta/private/dialect/dialect 
+;;          deta/private/dialect/postgresql)
+;; (let ([s (schema-registry-lookup 'reset-password-token)])
+;;   (displayln (dialect-emit-ddl postgresql-dialect
+;;                                (ast:create-table (schema-table s) (schema-fields s)))))
+
+
+
+