From 3051daf5eb051485d5c92ee6d967edef427f5ead Mon Sep 17 00:00:00 2001
From: evazion
Date: Tue, 31 Mar 2020 19:25:23 -0500
Subject: [PATCH] password resets: fix exception when given user does not exist.
---
 app/controllers/password_resets_controller.rb | 5 ++++-
 test/functional/password_resets_controller_test.rb | 6 ++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index f84762dc2..06274fb0d 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -4,7 +4,10 @@ class PasswordResetsController < ApplicationController
 def create
 @user = User.find_by_name(params.dig(:user, :name))
- if @user.can_receive_email?(require_verification: false)
+ if @user.blank?
+ flash[:notice] = "That account does not exist"
+ redirect_to password_reset_path
+ elsif @user.can_receive_email?(require_verification: false)
 UserMailer.password_reset(@user).deliver_later
 flash[:notice] = "Password reset email sent. Check your email"
 respond_with(@user, location: new_session_path)
diff --git a/test/functional/password_resets_controller_test.rb b/test/functional/password_resets_controller_test.rb
index 1ceef2bea..9455ec67d 100644
--- a/test/functional/password_resets_controller_test.rb
+++ b/test/functional/password_resets_controller_test.rb
@@ -25,6 +25,12 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
 assert_redirected_to @user
 assert_no_enqueued_emails
 end
+
+ should "fail if the user does not exist" do
+ post password_reset_path, params: { user: { name: "qoi23oti" } }
+
+ assert_redirected_to password_reset_path
+ end
 end
 end
 end
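Review bot: The new `@user.blank?` branch in `PasswordResetsController#create` gives an unknown name its own flash text ("That account does not exist") and its own redirect target (`password_reset_path` instead of `new_session_path`), so an unauthenticated caller can use the reset form to confirm which account names exist. If account names are not meant to be publicly discoverable on this site (not visible from the hunk), the branch should answer the same way as the success path, e.g. `flash[:notice] = "If that account exists and has an email address, a reset email has been sent"` followed by `redirect_to new_session_path`. Whichever wording is kept, the action presumably needs request throttling applied outside this hunk, since each lookup is free to the caller. The rest of the `if`/`elsif` chain and the end of `create` lie outside the hunk, so whether its remaining branch already returns a distinguishable message cannot be checked here.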
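Review bot: The added test "fail if the user does not exist" in `password_resets_controller_test.rb` checks only the redirect, so it would still pass if a later change enqueued a mail or otherwise acted on the unknown name. The neighbouring case visible in the context lines already pins that down, and the same line fits here: add `assert_no_enqueued_emails` after `assert_redirected_to password_reset_path`. The hard-coded name `"qoi23oti"` also relies on no fixture or factory ever creating a user with that name; a short comment saying so would help. The enclosing `context` blocks begin outside the hunk.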