darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 10:53:28 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
e0e445c520413e5d880901c34edd90734d0cf45e
notifications-admin/app/main
History
Chris Hill-Scott e0e445c520 Stop enumeration of email addresses via forgot pw 
https://www.pivotaltracker.com/story/show/113840073

Previously the forgot password page would give an error if you entered an email
address which didn’t belong to an account.

This would allow a potential attacker to know which email addresses were
registered.

This commit changes the response to always be the same, whether or not the email
address exists.

Also, this is a good read about the dangers of asserting whether a mocked method
was called: http://engineeringblog.yelp.com/2015/02/assert_called_once-threat-or-menace.html
2016-02-17 10:42:15 +00:00
..
dao
Bug fix.
2016-02-02 10:17:17 +00:00
notifications
views
Stop enumeration of email addresses via forgot pw
2016-02-17 10:42:15 +00:00
__init__.py
encryption.py
forms.py
Use correct HTML 5 input types
2016-02-17 10:42:14 +00:00
uploader.py
In case there are problems reading back the csv file from
2016-02-05 16:13:06 +00:00
utils.py
Remove need for TWILIO_TEST_NUMBER
2016-02-09 15:56:09 +00:00
validators.py
Working tests, hopefully all code changes done.
2016-01-27 12:22:32 +00:00