From 656308d1e585145f07ce76d2bcdac7e15b9385b1 Mon Sep 17 00:00:00 2001 From: Jens Kleineheismann Date: Thu, 28 May 2026 10:40:22 +0200 Subject: [PATCH] dav_auth: do not reveal that user does not exists on recretate password feature --- dav_auth/views.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dav_auth/views.py b/dav_auth/views.py index 36d5a39..d12f5d8 100644 --- a/dav_auth/views.py +++ b/dav_auth/views.py @@ -100,6 +100,8 @@ class CreateAndSendPasswordView(generic.FormView): logger.info('Password recreated for user \'%s\'', username) except user_model.DoesNotExist: logger.warning('Password recreated for unknown user \'%s\'', username) + # Pretend we sent an email, so we do not reveal that the user doesn't exist. + messages.success(self.request, _('Neues Passwort versendet.')) return super().form_valid(form)