Don't tell user when email is required but not supplied

Hide the `requireemail` status from the resetting user when requesting a password reset without supplying an email address. Bug: T238961 Change-Id: Iee07564aac78d013ecc52192b536e92cb1ed4e8b
2020-02-17 08:34:19 +08:00 · 2020-02-17 08:34:19 +08:00 · b6b0a99e34
commit b6b0a99e34
parent 2e3bdb3498
4 changed files with 5 additions and 6 deletions
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@ -215,7 +215,8 @@ class PasswordReset implements LoggerAwareInterface {
 			&& $firstUser->getBoolOption( 'requireemail' );
 		if ( $requireEmail ) {
 			if ( $email === '' ) {
-				return StatusValue::newFatal( 'passwordreset-username-email-required' );
+				// Email is required but not supplied: pretend everything's fine.
+				return StatusValue::newGood();
 			}

 			if ( !Sanitizer::validateEmail( $email ) ) {
@ -231,7 +232,7 @@ class PasswordReset implements LoggerAwareInterface {
 		if ( !$users ) {
 			if ( $method === 'email' ) {
 				// Don't reveal whether or not an email address is in use
-				return StatusValue::newGood( [] );
+				return StatusValue::newGood();
 			} else {
 				return StatusValue::newFatal( 'noname' );
 			}
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@ -614,7 +614,6 @@
 	"passwordreset-ignored": "The password reset was not handled. Maybe no provider was configured?",
 	"passwordreset-invalidemail": "Invalid email address",
 	"passwordreset-nodata": "Neither a username nor an email address was supplied",
-	"passwordreset-username-email-required": "Both username and email address are required to receive a temporary password via email.",
 	"changeemail": "Change or remove email address",
 	"changeemail-summary": "",
 	"changeemail-header": "Complete this form to change your email address. If you would like to remove the association of any email address from your account, leave the new email address blank when submitting the form.",
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@ -827,7 +827,6 @@
 	"passwordreset-ignored": "Shown when password reset was unsuccessful due to configuration problems.",
 	"passwordreset-invalidemail": "Returned when the email address is syntatically invalid.",
 	"passwordreset-nodata": "Returned when no data was provided.",
-	"passwordreset-username-email-required": "Used in [[Special:PasswordReset]].\n\nSee also:\n* {{msg-mw|tog-requireemail}}\n* {{msg-mw|prefs-help-requireemail}}",
 	"changeemail": "Title of [[Special:ChangeEmail|special page]]. This page also allows removing the user's email address.",
 	"changeemail-summary": "{{ignored}}",
 	"changeemail-header": "Text of [[Special:ChangeEmail]].",
--- a/tests/phpunit/includes/user/PasswordResetTest.php
+++ b/tests/phpunit/includes/user/PasswordResetTest.php
@ -327,8 +327,8 @@ class PasswordResetTest extends MediaWikiTestCase {
 				'email' => self::VALID_EMAIL,
 				'usersWithEmail' => [],
 			],
-			'Email required for resets, but is empty' => [
-				'expectedError' => 'passwordreset-username-email-required',
+			'Email required for resets but is empty, pretend everything is OK' => [
+				'expectedError' => false,
 				'config' => $emailRequiredConfig,
 				'performingUser' => $throttledUser,
 				'permissionManager' => $permissionManager,