Fake recovery by email address, to hide registrants on the site

diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php
index 4839a036c0e4be2dcb0f632f3d3fd32c71204336..060ba83510b44fb82fc870e7f7d7f74e49e6a5c3 100644 (file)
--- a/actions/recoverpassword.php
+++ b/actions/recoverpassword.php
@@ -272,10 +272,16 @@ class RecoverpasswordAction extends Action
         try {
             User::recoverPassword($nore);
             $this->mode = 'sent';
-            // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
-            $this->msg = _('Instructions for recovering your password ' .
-                           'have been sent to the email address registered to your ' .
-                           'account.');
+            if (common_is_email($nore) && common_config('site', 'fakeaddressrecovery')) {
+                // TRANS: User notification when recovering password by giving email address,
+                //        regardless if the mail was sent or not (to hide registered email status).
+                $this->msg = _('If the email address you provided was found in the database, a recovery mail with instructions has been sent there.');
+            } else {
+                // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
+                $this->msg = _('Instructions for recovering your password ' .
+                               'have been sent to the email address registered to your ' .
+                               'account.');
+            }
             $this->success = true;
         } catch (Exception $e) {
             $this->success = false;

diff --git a/classes/User.php b/classes/User.php
index 6a12bb6642ff4dd473e98d19a21cd11a3322401c..3efaa5e72131b5ba7cda2262ba4e4879d0277b1d 100644 (file)
--- a/classes/User.php
+++ b/classes/User.php
@@ -873,16 +873,20 @@ class User extends Managed_DataObject
             }
 
             // No luck finding anyone by that email address.
-            // TODO: Fake sending email (since we don't want to reveal which addresses exist or not)
             if (!$user instanceof User) {
-                // TRANS: Information on password recovery form if no known username or e-mail address was specified.
+                if (common_config('site', 'fakeaddressrecovery')) {
+                    // Return without actually doing anything! We fake address recovery
+                    // to avoid revealing which email addresses are registered with the site.
+                    return;
+                }
+                // TRANS: Information on password recovery form if no known e-mail address was specified.
                 throw new ClientException(_('No user with that email address exists here.'));
             }
         } else {
             // This might throw a NicknameException on bad nicknames
             $user = User::getKV('nickname', common_canonical_nickname($nore));
             if (!$user instanceof User) {
-                // TRANS: Information on password recovery form if no known username or e-mail address was specified.
+                // TRANS: Information on password recovery form if no known username was specified.
                 throw new ClientException(_('No user with that nickname exists here.'));
             }
         }

diff --git a/lib/default.php b/lib/default.php
index 6369fbddc6004f12d6f978168e29142a9f1be0e3..0ec9fc4e14d1cc5a67c2f9b7316b17b526797733 100644 (file)
--- a/lib/default.php
+++ b/lib/default.php
@@ -48,6 +48,7 @@ $default =
               'languages' => get_all_languages(),
               'email' =>
               array_key_exists('SERVER_ADMIN', $_SERVER) ? $_SERVER['SERVER_ADMIN'] : null,
+              'fakeaddressrecovery' => true,
               'broughtby' => null,
               'timezone' => 'UTC',
               'broughtbyurl' => null,