From 3b12b29c3567a94ae41fe7c649a497d6f85e2349 Mon Sep 17 00:00:00 2001 From: Volodymyr Lunov Date: Mon, 6 Jun 2016 17:06:38 +0200 Subject: [PATCH 1/3] 2133: LIVE09 Bruteforcing of user name is fixed. * It is not reported, when an e-mail does not exist. It prevents brute force attacks. --- src/Spryker/Zed/Customer/Business/Customer/Customer.php | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/Spryker/Zed/Customer/Business/Customer/Customer.php b/src/Spryker/Zed/Customer/Business/Customer/Customer.php index c5d523ff..e59eac31 100644 --- a/src/Spryker/Zed/Customer/Business/Customer/Customer.php +++ b/src/Spryker/Zed/Customer/Business/Customer/Customer.php @@ -271,13 +271,6 @@ public function sendPasswordRestoreMail(CustomerTransfer $customerTransfer) try { $customerEntity = $this->getCustomer($customerTransfer); } catch (CustomerNotFoundException $e) { - $customerError = new CustomerErrorTransfer(); - $customerError->setMessage(Messages::CUSTOMER_EMAIL_INVALID); - - $customerResponseTransfer - ->setIsSuccess(false) - ->addError($customerError); - return $customerResponseTransfer; } From 91638af227be2ae9f0e401dcabf021eccbb4cbfc Mon Sep 17 00:00:00 2001 From: Volodymyr Lunov Date: Mon, 6 Jun 2016 17:23:59 +0200 Subject: [PATCH 2/3] 2133: added test. --- .../Zed/Customer/Business/CustomerFacadeTest.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/Functional/Spryker/Zed/Customer/Business/CustomerFacadeTest.php b/tests/Functional/Spryker/Zed/Customer/Business/CustomerFacadeTest.php index f4139e35..21f8af97 100644 --- a/tests/Functional/Spryker/Zed/Customer/Business/CustomerFacadeTest.php +++ b/tests/Functional/Spryker/Zed/Customer/Business/CustomerFacadeTest.php @@ -26,6 +26,7 @@ class CustomerFacadeTest extends Test { const TESTER_EMAIL = 'tester@spryker.com'; + const TESTER_NON_EXISTING_EMAIL = 'nonexisting@spryker.com'; const TESTER_PASSWORD = 'tester'; const TESTER_NAME = 'Tester'; const TESTER_CITY = 'Testcity'; 
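Review bot: The `return $customerResponseTransfer;` left in the catch block now hands back the transfer in whatever state it had before the `try`, and nothing in the hunk sets `isSuccess`, so the "report success for unknown addresses" behaviour rests on code outside the hunk; `sendPasswordRestoreMail` begins before and continues after the visible lines. A short comment on that return would keep a later maintainer from restoring the error, e.g. `// Intentionally indistinguishable from the success path: reporting an unknown e-mail enables account enumeration.` The protection is also only as strong as the rest of the method: if an existing address goes on to generate a token and send the mail synchronously, the response time of the two branches still differs, so consider dispatching the mail asynchronously or otherwise keeping the two paths comparably cheap. The `$e` in `catch (CustomerNotFoundException $e)` is now unused, and the `CustomerErrorTransfer` and `Messages::CUSTOMER_EMAIL_INVALID` references may be too if this was their only use in the file — worth checking.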
@@ -245,6 +246,18 @@ public function testRestorePassword() $this->assertTrue($customerResponseTransfer->getIsSuccess()); } + /** + * @return void + */ + public function testRestorePasswordNonExistent() + { + $customerTransfer = new CustomerTransfer(); + $customerTransfer->setEmail(self::TESTER_NON_EXISTING_EMAIL); + + $customerResponseTransfer = $this->customerFacade->sendPasswordRestoreMail($customerTransfer); + $this->assertTrue($customerResponseTransfer->getIsSuccess()); + } + /** * @return void */ From 114197f3515dc37307725cd264a9f0a5d5a68de5 Mon Sep 17 00:00:00 2001 From: Volodymyr Lunov Date: Mon, 6 Jun 2016 17:27:46 +0200 Subject: [PATCH 3/3] Cleanup. --- src/Spryker/Zed/Customer/Business/Customer/Customer.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Spryker/Zed/Customer/Business/Customer/Customer.php b/src/Spryker/Zed/Customer/Business/Customer/Customer.php index e59eac31..9447ae0f 100644 --- a/src/Spryker/Zed/Customer/Business/Customer/Customer.php +++ b/src/Spryker/Zed/Customer/Business/Customer/Customer.php @@ -259,7 +259,6 @@ public function confirmRegistration(CustomerTransfer $customerTransfer) /** * @param \Generated\Shared\Transfer\CustomerTransfer $customerTransfer * - * @throws \Spryker\Zed\Customer\Business\Exception\CustomerNotFoundException * @throws \Propel\Runtime\Exception\PropelException * * @return \Generated\Shared\Transfer\CustomerResponseTransfer
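Review bot: `testRestorePasswordNonExistent` asserts only `getIsSuccess()`, so it would still pass if the unknown-address path attached an error message or otherwise differed from the known-address response, which is exactly what the fix is meant to rule out. Add an assertion that the error collection is empty, e.g. `$this->assertCount(0, $customerResponseTransfer->getErrors());` (using whichever getter the transfer exposes for the collection `addError` feeds), and ideally compare the response with the one `testRestorePassword` obtains for `self::TESTER_EMAIL`. The test also cannot tell whether a restore token was generated or a mail dispatched for the unknown address; if the facade or test fixtures expose that, a negative assertion here would pin the other half of the intended behaviour. The enclosing test class continues outside the hunk.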