vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address)

Browse source
This commit is contained in:
Joseph Schorr 2017-12-06 14:07:38 -05:00
parent 4a5626e64b
commit 927d469db0
3 changed files with 8 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
test/test_api_security.py
View file

@ -457,16 +457,16 @@ class TestRecovery(ApiTestCase):
self._set_url(Recovery)
def test_post_anonymous(self):
self._run_test('POST', 400, None, {u'email': '826S'})
self._run_test('POST', 200, None, {u'email': '826S'})
def test_post_freshuser(self):
self._run_test('POST', 400, 'freshuser', {u'email': '826S'})
self._run_test('POST', 200, 'freshuser', {u'email': '826S'})
def test_post_reader(self):
self._run_test('POST', 400, 'reader', {u'email': '826S'})
self._run_test('POST', 200, 'reader', {u'email': '826S'})
def test_post_devtable(self):
self._run_test('POST', 400, 'devtable', {u'email': '826S'})
self._run_test('POST', 200, 'devtable', {u'email': '826S'})
class TestSignout(ApiTestCase):