dav_auth: do not reveal that user does not exists on recretate password

feature
2026-05-28 10:40:22 +02:00
parent 9518e2f4c1
commit 656308d1e5
1 changed files with 2 additions and 0 deletions
@@ -100,6 +100,8 @@ class CreateAndSendPasswordView(generic.FormView):
            logger.info('Password recreated for user \'%s\'', username)
        except user_model.DoesNotExist:
            logger.warning('Password recreated for unknown user \'%s\'', username)
+            # Pretend we sent an email, so we do not reveal that the user doesn't exist.
+            messages.success(self.request, _('Neues Passwort versendet.'))

        return super().form_valid(form)