password resets: fix exception when given user does not exist.

2020-03-31 19:25:23 -05:00
parent 25776a062c
commit 3051daf5eb
2 changed files with 10 additions and 1 deletions
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -4,7 +4,10 @@ class PasswordResetsController < ApplicationController
  def create
    @user = User.find_by_name(params.dig(:user, :name))

-    if @user.can_receive_email?(require_verification: false)
+    if @user.blank?
+      flash[:notice] = "That account does not exist"
+      redirect_to password_reset_path
+    elsif @user.can_receive_email?(require_verification: false)
      UserMailer.password_reset(@user).deliver_later
      flash[:notice] = "Password reset email sent. Check your email"
      respond_with(@user, location: new_session_path)