Files
notifications-admin/app
Chris Hill-Scott e0e445c520 Stop enumeration of email addresses via forgot pw
https://www.pivotaltracker.com/story/show/113840073

Previously the forgot password page would give an error if you entered an email
address which didn’t belong to an account.

This would allow a potential attacker to know which email addresses were
registered.

This commit changes the response to always be the same, whether or not the email
address exists.

Also, this is a good read about the dangers of asserting whether a mocked method
was called: http://engineeringblog.yelp.com/2015/02/assert_called_once-threat-or-menace.html
2016-02-17 10:42:15 +00:00
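The behaviour change the commit message describes, sketched as an added example; this is not code from the notifications-admin repository. The handler names, the account store, the outbox and the response wording are all hypothetical.

```python
# Added illustration; every name here is hypothetical, not taken from the project.
import secrets

REGISTERED = {"alice@example.gov.uk"}  # constructed sample account store
GENERIC_BODY = "If an account exists for that address, we have sent a reset link."


def forgot_password_leaky(email, outbox):
    """'Before' behaviour: the response depends on whether the account exists."""
    email = email.strip().lower()
    if email not in REGISTERED:
        return 400, "No account found for that email address"
    outbox.append((email, secrets.token_urlsafe(32)))
    return 200, "We have sent you a reset link"


def forgot_password_uniform(email, outbox):
    """'After' behaviour: same status and body whether or not the account exists."""
    email = email.strip().lower()
    if email in REGISTERED:
        # Side effect only; nothing about it reaches the HTTP response.
        outbox.append((email, secrets.token_urlsafe(32)))
    return 200, GENERIC_BODY


def distinguishable(handler, known, unknown):
    """True if the handler's response tells a caller which address is registered."""
    return handler(known, []) != handler(unknown, [])


if __name__ == "__main__":
    known, unknown = "alice@example.gov.uk", "nobody@example.gov.uk"
    print("leaky handler distinguishable:  ",
          distinguishable(forgot_password_leaky, known, unknown))
    print("uniform handler distinguishable:",
          distinguishable(forgot_password_uniform, known, unknown))
```

The comparison covers only the status code and body. Response time can still differ when the email is sent inline, which is why the send is usually handed to a queue.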