From f134b08ecf46ea20a99a98609e86f62cf9dc909c Mon Sep 17 00:00:00 2001
From: Thomas Forgione <thomas@tforgione.fr>
Date: Fri, 29 Sep 2017 14:42:42 +0200
Subject: [PATCH] Nice error messages

---
 controllers/auth/templates/passwordForgotten.pug |  3 +++
 controllers/auth/views.js                        | 13 +++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/controllers/auth/templates/passwordForgotten.pug b/controllers/auth/templates/passwordForgotten.pug
index a415346..6ef3214 100644
--- a/controllers/auth/templates/passwordForgotten.pug
+++ b/controllers/auth/templates/passwordForgotten.pug
@@ -4,6 +4,9 @@ block content
     .row
         .col
         .col
+            if passwordForgottenFailed
+                .alert.alert-danger
+                    | This email does not exist in our database.
             form(method="POST", action=getUrl("passwordForgottenTarget"))
                 .form-group
                     input.form-control(type="text", name="email", placeholder="Enter your email address", autofocus)
diff --git a/controllers/auth/views.js b/controllers/auth/views.js
index 1979728..30d956a 100644
--- a/controllers/auth/views.js
+++ b/controllers/auth/views.js
@@ -149,13 +149,20 @@ module.exports.activate = function(req, res, render, next) {
 }
 
 module.exports.passwordForgotten = function(req, res, render, next) {
+    if (req.session.passwordForgottenFailed) {
+        res.locals.passwordForgottenFailed = req.session.passwordForgottenFailed;
+        req.session.passwordForgottenFailed = undefined;
+        req.session.save();
+    }
     render('passwordForgotten.pug');
 }
 
 module.exports.passwordForgottenTarget = function(req, res, render, next) {
     User.getByEmail(req.body.email, (err, user) => {
         if (err !== undefined) {
-            return res.send("Nope");
+            req.session.passwordForgottenFailed = true;
+            req.session.save();
+            return res.redirect(getUrl('passwordForgotten'));
         }
 
         require('crypto').randomBytes(48, function(err, buffer) {
@@ -163,7 +170,9 @@ module.exports.passwordForgottenTarget = function(req, res, render, next) {
             user.save();
 
             if (!user.active) {
-                return res.send("Nope");
+                req.session.passwordForgottenFailed = true;
+                req.session.save();
+                return res.redirect(getUrl('passwordForgotten'));
             }
 
             res.locals.user = user;