chg: [forgotten password] reset text clarifications

- to avoid dumdum users from sharing their quasi-passwords
2023-07-10 15:46:08 +02:00 · 2023-07-10 15:46:08 +02:00 · fb15d48c34
parent 3028132fcf
commit fb15d48c34
1 changed files with 1 additions and 1 deletions
--- a/app/Model/User.php
+++ b/app/Model/User.php
@ -2067,7 +2067,7 @@ class User extends AppModel
        $redis->set('misp:forgot:' . $token, $user['User']['id'], ['nx', 'ex' => 600]);
        $baseurl = Configure::check('MISP.external_baseurl') ? Configure::read('MISP.external_baseurl') : Configure::read('MISP.baseurl');
        $body = __(
-            "Dear MISP user,\n\nyou have requested a password reset on the MISP instane at %s. Click the link below to change your password.\n\n%s\n\nThe link above is only valid for 10 minutes, feel free to request a new one if it has expired.\n\nIf you haven't requested a password reset, feel free to ignore this. The IP used to trigger the request was: %s\n\nBest regards,\nYour MISP admin team",
+            "Dear MISP user,\n\nyou have requested a password reset on the MISP instance at %s. Click the link below to change your password.\n\n%s\n\nThe link above is only valid for 10 minutes, feel free to request a new one if it has expired.\n\nIf you haven't requested a password reset, reach out to your admin team and let them know that someone has attempted it in your stead.\n\nMake sure you keep the contents of this e-mail confidential, do NOT ever forward it as it contains a reset token that is equivalent of a password if acted upon. The IP used to trigger the request was: %s\n\nBest regards,\nYour MISP admin team",
            $baseurl,
            $baseurl . '/users/password_reset/' . $token,
            $ip