mirror of
https://github.com/pretix/pretix.git
synced 2026-05-05 15:14:04 +00:00
Here is my attempt to prevent user enumeration. I've made the following changes:

**Application:**

- replaces success and failure messages in the form with two (with/without redis) information messages
- adds logging for attempted password resets of unknown users
- adds logging for failing emails

**Tests:**

- test_unknown asserts a redirect instead of an ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if preferred.

Please excuse the commit mess. I am currently fighting with my tooling.
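The pattern described above, sketched as an added example that is not pretix's code or part of this pull request: every outcome of a reset request returns the same redirect and message, and the differences go only to the server log. The user store, message texts, key name, 24-hour window, `send_mail` hook and this `FakeRedis` are all assumptions made for illustration.

```python
import logging

logger = logging.getLogger("reset_example")

# Constructed sample data; names and message texts are assumptions.
USERS = {"alice@example.org", "bounce@example.org"}
MSG_PLAIN = "If the address is registered, we sent you a reset link."
MSG_THROTTLED = MSG_PLAIN + " We send at most one email per address per day."


class FakeRedis:
    """Minimal in-memory stand-in offering the two calls used below."""
    def __init__(self):
        self.store = {}

    def exists(self, key):
        return key in self.store

    def setex(self, key, ttl, value):
        self.store[key] = value  # expiry is ignored in this stand-in


def send_mail(email):
    """Hypothetical mail hook; raises to simulate a delivery failure."""
    if email.startswith("bounce"):
        raise OSError("smtp down")


def request_reset(email, redis=None):
    """Return (status, message); neither depends on whether the account exists."""
    message = MSG_THROTTLED if redis is not None else MSG_PLAIN
    if email not in USERS:
        logger.warning("password reset requested for unknown user %r", email)
        return 302, message
    key = "reset_sent_" + email
    if redis is not None and redis.exists(key):
        logger.info("reset for %r skipped, mail already sent recently", email)
        return 302, message
    try:
        send_mail(email)
    except OSError:
        logger.exception("reset mail to %r could not be sent", email)
        return 302, message
    if redis is not None:
        redis.setex(key, 86400, "1")  # assumed 24-hour window
    return 302, message
```
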