Send password reset email to the email used in lost password form (#4244).

git-svn-id: http://svn.redmine.org/redmine/trunk@13888 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-12-28 03:11:15 +00:00 · 2015-01-17 14:51:29 +00:00 · 2015-01-17 14:51:29 +00:00 · a3a8fee8ad
commit a3a8fee8ad
parent 14473f45a1
3 changed files with 22 additions and 4 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -82,7 +82,8 @@ class AccountController < ApplicationController
      return
    else
      if request.post?
-        user = User.find_by_mail(params[:mail].to_s)
+        email = params[:mail].to_s
+        user = User.find_by_mail(email)
        # user not found
        unless user
          flash.now[:error] = l(:notice_account_unknown_email)
@ -100,7 +101,9 @@ class AccountController < ApplicationController
        # create a new token for password recovery
        token = Token.new(:user => user, :action => "recovery")
        if token.save
-          Mailer.lost_password(token).deliver
+          # Don't use the param to send the email
+          recipent = user.mails.detect {|e| e.downcase == email.downcase} || user.mail
+          Mailer.lost_password(token, recipent).deliver
          flash[:notice] = l(:notice_account_lost_email_sent)
          redirect_to signin_path
          return
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@ -289,11 +289,12 @@ class Mailer < ActionMailer::Base
      :subject => l(:mail_subject_register, Setting.app_title)
  end

-  def lost_password(token)
+  def lost_password(token, recipient=nil)
    set_language_if_valid(token.user.language)
+    recipient ||= token.user.mail
    @token = token
    @url = url_for(:controller => 'account', :action => 'lost_password', :token => token.value)
-    mail :to => token.user.mail,
+    mail :to => recipient,
      :subject => l(:mail_subject_lost_password, Setting.app_title)
  end

--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@ -304,6 +304,20 @@ class AccountControllerTest < ActionController::TestCase
    end
  end

+  def test_lost_password_using_additional_email_address_should_send_email_to_the_address
+    EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
+    Token.delete_all
+
+    assert_difference 'ActionMailer::Base.deliveries.size' do
+      assert_difference 'Token.count' do
+        post :lost_password, :mail => 'ANOTHERaddress@foo.bar'
+        assert_redirected_to '/login'
+      end
+    end
+    mail = ActionMailer::Base.deliveries.last
+    assert_equal ['anotherAddress@foo.bar'], mail.bcc
+  end
+
  def test_lost_password_for_unknown_user_should_fail
    Token.delete_all
    assert_no_difference 'Token.count' do