sonata-project / SonataUserBundle

Symfony SonataUserBundle
https://docs.sonata-project.org/projects/SonataUserBundle
MIT License

Avoid passing username/email as a clear GET parameter to CheckEmailAction in the password reset process #1693

Closed BA-JBI closed 3 weeks ago

BA-JBI commented 3 weeks ago

Subject

Avoid passing username/email as a clear GET parameter to CheckEmailAction in the password reset process, as discussed in https://github.com/sonata-project/SonataUserBundle/issues/1692

I am targeting this branch, because this fixes a privacy issue and doesn't break anything.

Closes #1692.

Changelog

Removed
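One way to implement what the PR title asks for, shown as an added example that is not code from the PR or from SonataUserBundle: the leaky redirect that carries the identifier in the query string, beside a hand-off that keeps it server-side in the session and lets CheckEmailAction consume it once. The route paths, the `$session` array standing in for Symfony's session, the session key and the helper names are all hypothetical; the merged change in the bundle may differ.

```php
<?php
// Added example, not SonataUserBundle code. Route paths, SESSION_KEY and the
// $session array (a stand-in for Symfony's SessionInterface) are hypothetical.
declare(strict_types=1);

const ROUTE_REQUEST = '/resetting/request';
const ROUTE_CHECK_EMAIL = '/resetting/check-email';
const SESSION_KEY = 'reset_username';

// Before: the identifier ends up in the URL, hence in browser history,
// web-server and proxy access logs, and the Referer header of any
// outbound link on the confirmation page.
function leakyRedirectTarget(string $username): string
{
    return ROUTE_CHECK_EMAIL . '?username=' . rawurlencode($username);
}

// After: the identifier never leaves the server; the confirmation page is
// reached by a parameter-free redirect and looks the value up in the session.
function safeRedirectTarget(string $username, array &$session): string
{
    $session[SESSION_KEY] = $username;
    return ROUTE_CHECK_EMAIL;
}

// CheckEmailAction after the fix: read the value once, then forget it, so a
// later visit (or a shared link) cannot replay it. A visitor with no pending
// request is sent back to the form instead of seeing an empty confirmation.
// Returns [statusCode, locationOrBody].
function checkEmailAction(array &$session): array
{
    $username = $session[SESSION_KEY] ?? null;
    unset($session[SESSION_KEY]);
    if ($username === null || $username === '') {
        return [302, ROUTE_REQUEST];
    }
    // The page does not need to repeat the address; a generic message avoids
    // confirming whether an account exists.
    return [200, 'An email has been sent. It contains a link you must click to reset your password.'];
}

// Regression guard for a functional test: the redirect target must not carry
// the submitted identifier, whether raw or percent-encoded.
function redirectLeaksIdentifier(string $target, string $identifier): bool
{
    $query = parse_url($target, PHP_URL_QUERY) ?? '';
    parse_str($query, $params);
    foreach ($params as $value) {
        if (is_string($value) && strcasecmp($value, $identifier) === 0) {
            return true;
        }
    }
    return str_contains($target, rawurlencode($identifier));
}

// Constructed sample input.
$identifier = 'alice@example.org';
$session = [];

$leaky = leakyRedirectTarget($identifier);
$safe = safeRedirectTarget($identifier, $session);

printf("before: %s  leaks=%s\n", $leaky, var_export(redirectLeaksIdentifier($leaky, $identifier), true));
printf("after:  %s  leaks=%s\n", $safe, var_export(redirectLeaksIdentifier($safe, $identifier), true));

[$status, $payload] = checkEmailAction($session);
printf("check-email with pending request: %d %s\n", $status, $payload);

[$status, $payload] = checkEmailAction($session);
printf("check-email on second visit, value already consumed: %d -> %s\n", $status, $payload);
```

Run it with `php example.php`. In a real Symfony controller the `$session` array would be `$request->getSession()` (with `set`, `get` and `remove`), and the one-shot read maps naturally onto a flash bag; the point that survives the translation is that the identifier is keyed by the visitor's session cookie rather than written into a URL that every intermediary can read.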

BA-JBI commented 3 weeks ago

Sorry, I forgot the service definitions because I'm already way too spoiled by Symfony's autowiring technology

Hanmac commented 3 weeks ago

Ugh, I forgot another location again: https://github.com/sonata-project/SonataUserBundle/blob/8713dce8c788b06cd396e6122459768ecad7022f/src/DependencyInjection/SonataUserExtension.php#L123-L124

Hanmac commented 3 weeks ago

@VincentLanglet I think this MR is ready to run the tests?

Hanmac commented 3 weeks ago

@VincentLanglet about the native_function_invocation Lint, should I make an MR for this, or should a bot handle that?

VincentLanglet commented 3 weeks ago

A rebase should solve the issues

BA-JBI commented 3 weeks ago

Tried to apply backward compatibility as well as possible, similar to the suggested code. Hope this matches the expected solution.

VincentLanglet commented 3 weeks ago

I rebased, fixed and merged in https://github.com/sonata-project/SonataUserBundle/pull/1695.

Thanks !

BA-JBI commented 3 weeks ago

Yay, cool, thank you!!!