authorMarvin Borner2018-05-24 00:31:19 +0200
committerMarvin Borner2018-05-24 00:31:19 +0200
commit85211481260c076ad5e2889b66465495c33429ef (patch)
treeb33c63888f81ff878c514c7c544e3afcf4cfbfd1 /main/app/sprinkles/account/src/Controller
parentb66a61addb6c8e66cb26fcf74b532d68891267e4 (diff)
Many fixes, began user feed generator
Diffstat (limited to 'main/app/sprinkles/account/src/Controller')
-rw-r--r--main/app/sprinkles/account/src/Controller/AccountController.php10
1 files changed, 4 insertions, 6 deletions
diff --git a/main/app/sprinkles/account/src/Controller/AccountController.php b/main/app/sprinkles/account/src/Controller/AccountController.php
index 25961ec..7373923 100644
--- a/main/app/sprinkles/account/src/Controller/AccountController.php
+++ b/main/app/sprinkles/account/src/Controller/AccountController.php
@@ -65,7 +65,7 @@ class AccountController extends SimpleController
// Validate, and halt on validation errors.
$validator = new ServerSideValidator($schema, $this->ci->translator);
if (!$validator->validate($data)) {
- // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
+ // O: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException
$e = new BadRequestException('Missing or malformed request data!');
foreach ($validator->errors() as $idx => $field) {
foreach ($field as $eidx => $error) {
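Review bot: The `TODO` marker on the comment above `new BadRequestException(...)` is truncated to `O`, and the same truncation turns `@todo` into `@odo` in the docblocks of the hunks at -163 and -1191, so these open items no longer match a TODO search; this looks like an accidental search-and-replace rather than an intended edit. Two of the affected notes track security questions (password reset requests for the root account, account enumeration on a public GET route), and the hunk at -244 deletes the timing-attack TODO while its visible lines add no delay or equivalent. I would restore `// TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException` and the three `@todo` tags, and keep `// TODO: create delay to prevent timing-based attacks` until the mitigation exists. The enclosing methods start and end outside these hunks.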
@@ -163,8 +163,8 @@ class AccountController extends SimpleController
* This is because we need to allow users to re-request a reset, even if they lose the first reset email.
* This route is "public access".
* Request type: POST
- * @todo require additional user information
- * @todo prevent password reset requests for root account?
+ * @odo require additional user information
+ * @odo prevent password reset requests for root account?
*
* @param Request $request
* @param Response $response
@@ -244,8 +244,6 @@ class AccountController extends SimpleController
}
});
- // TODO: create delay to prevent timing-based attacks
-
$ms->addMessageTranslated('success', 'PASSWORD.FORGET.REQUEST_SENT', ['email' => $data['email']]);
return $response->withStatus(200);
}
@@ -1191,7 +1189,7 @@ class AccountController extends SimpleController
*
* This route is "public access".
* Request type: GET
- * @todo Can this route be abused for account enumeration? If so we should throttle it as well.
+ * @odo Can this route be abused for account enumeration? If so we should throttle it as well.
*
* @param Request $request
* @param Response $response