
FOSUserBundle: resetting password page finds user that does not exist


I am using FOSUserBundle with Symfony 3.4

I am trying to reset the user password and this works fine; the only problem is that I can put in ANY email and the status will be true, saying that the email has been sent??

How is it possible that FOS is finding a user that does not exist? Or did I miss something in my template?

As far as I understand, the status block is what should be displaying the error, but it is always a success.

I have not overridden any of the default controllers.

{% extends 'UserBundle:Resetting:request.html.twig' %}

{% trans_default_domain 'FOSUserBundle' %}

{% block status %}
  {{ 'resetting.check_email'|trans({'%tokenLifetime%': tokenLifetime})|nl2br }}
{% endblock %}

Solution

  • I think there is no problem, and in addition it is good behavior, because otherwise a person could easily discover a lot of users, which would cause a security problem. So if the user does not exist, it is not worth mentioning. Again, if you look closely at this class (in the fosuserbundle repository) via the link: ResettingController, more precisely the method sendEmailAction, at the second control structure (the if)

    if (null !== $user && !$user->isPasswordRequestNonExpired($this->retryTtl))
    

    you can notice that if the user does not exist, then no mail is sent, the instructions inside the if are not executed, and we go directly to a redirection instruction.

    return new RedirectResponse($this->generateUrl('fos_user_resetting_check_email', array('username' => $username)));
    

    That's why you see success all the time. Also, the redirection above is executed even in the case where the user exists. That's how I tried to understand this process.
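To make the control flow the answer describes concrete, here is an added, framework-free PHP sketch of the same logic (example code, not FOSUserBundle's own ResettingController). The classes FakeUserManager, FakeMailer and User, the redirect string format and the PHP 8 constructor promotion are assumptions made for this illustration; what it keeps faithful is the guarded `if` from the answer and the unconditional redirect that follows it, so a known and an unknown email produce the same kind of response while mail is only sent for the known one.

```php
<?php
// Added example (not FOSUserBundle code): the shape of sendEmailAction,
// with a guarded send and an unconditional redirect. Requires PHP 8+.

final class User
{
    public function __construct(
        public string $email,
        public ?DateTimeImmutable $passwordRequestedAt = null,
    ) {}

    // Same meaning as FOSUserBundle's isPasswordRequestNonExpired($ttl):
    // true while an earlier reset request is younger than $ttl seconds.
    public function isPasswordRequestNonExpired(int $ttl): bool
    {
        return $this->passwordRequestedAt !== null
            && $this->passwordRequestedAt->getTimestamp() + $ttl > time();
    }
}

final class FakeUserManager
{
    /** @var array<string, User> keyed by lower-cased email (constructed store) */
    private array $users = [];

    public function __construct(User ...$users)
    {
        foreach ($users as $u) {
            $this->users[strtolower($u->email)] = $u;
        }
    }

    // Returns null for unknown users: the case the answer discusses.
    public function findUserByUsernameOrEmail(string $usernameOrEmail): ?User
    {
        return $this->users[strtolower($usernameOrEmail)] ?? null;
    }
}

final class FakeMailer
{
    /** @var string[] addresses a reset mail was "sent" to */
    public array $sentTo = [];

    public function sendResettingEmailMessage(User $user): void
    {
        $this->sentTo[] = $user->email;
    }
}

// Mirrors sendEmailAction: look the user up, send mail only inside the guarded
// if, then redirect to the same "check your email" page in every case.
function sendEmailAction(string $username, FakeUserManager $um, FakeMailer $mailer, int $retryTtl): string
{
    $user = $um->findUserByUsernameOrEmail($username);

    if (null !== $user && !$user->isPasswordRequestNonExpired($retryTtl)) {
        $user->passwordRequestedAt = new DateTimeImmutable();
        $mailer->sendResettingEmailMessage($user);
    }

    // Unconditional: the response does not reveal whether $username exists.
    return 'redirect:/resetting/check-email?username=' . rawurlencode($username);
}

// Constructed sample data: one registered user, retryTtl of two hours.
$um     = new FakeUserManager(new User('alice@example.com'));
$mailer = new FakeMailer();

$known   = sendEmailAction('alice@example.com',  $um, $mailer, 7200);
$unknown = sendEmailAction('nobody@example.com', $um, $mailer, 7200);
$repeat  = sendEmailAction('alice@example.com',  $um, $mailer, 7200); // inside retryTtl

printf("known:   %s\n", $known);
printf("unknown: %s\n", $unknown);
printf("repeat:  %s\n", $repeat);
printf("mails actually sent: %s\n", implode(', ', $mailer->sentTo)); // only alice, once
```

All three calls come back as a redirect to the check-email page, which is why the `status` block in the question's template always renders `resetting.check_email`; only the first call for the registered address actually sends a mail, and the repeat within `retryTtl` is silently skipped. From a defender's point of view this is the behaviour to keep: the HTTP response no longer tells a caller which addresses are registered. What the response alone does not hide is the extra time spent sending a mail for a real user, so rate limiting the endpoint and keeping the mail dispatch off the request path are the usual complements to this pattern.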