author | francis <francis> | 2008-02-28 12:29:43 +0000 |
---|---|---|
committer | francis <francis> | 2008-02-28 12:29:43 +0000 |
commit | 37147aeb70389c4406e40f7ef7ea786eae2e8ac3 (patch) | |
tree | d67121594c5010a9667b2f5cdc952476e4431686 /app/models/user.rb | |
parent | 7314ca8e90358d11cc098db4f8355c48b66583ff (diff) |
Prevent leaking of information as to whether user account exists or not.
Diffstat (limited to 'app/models/user.rb')
-rw-r--r-- | app/models/user.rb | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index bb4ce8b5b..277d8958d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -20,13 +20,12 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: user.rb,v 1.31 2008-02-27 14:01:30 francis Exp $
+# $Id: user.rb,v 1.32 2008-02-28 12:29:43 francis Exp $
 require 'digest/sha1'
 class User < ActiveRecord::Base
 validates_presence_of :email, :message => "^Please enter your email address"
- validates_uniqueness_of :email, :case_sensitive => false, :message => "^There is already an account with that email address. You can sign in to it on the left."
 validates_presence_of :name, :message => "^Please enter your name"
 validates_presence_of :url_name
@@ -65,7 +64,7 @@ class User < ActiveRecord::Base
 # No user of same email, make one (that we don't save in the database)
 # for the forms code to use.
 user = User.new(params)
- # deliberately same message as above so as not to leak whether
+ # deliberately same message as above so as not to leak whether registered
 user.errors.add_to_base(auth_fail_message)
 end
 user |
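Review bot: With `validates_uniqueness_of :email` removed, nothing visible in the first hunk stops two User rows from sharing an email address, including addresses that differ only by case, which the old rule covered with `:case_sensitive => false`. Dropping the user-facing message is what closes the enumeration leak, but the invariant itself still has to be enforced somewhere, presumably in the sign-up path and ideally by a unique index on the normalised email column; neither is visible here, since this diff is limited to app/models/user.rb. Once that is confirmed, I would leave a comment where the validation used to be, for example `# email uniqueness is deliberately not validated here, so the form cannot reveal registered addresses; duplicates are handled at sign-up`. The class body continues outside the hunk.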
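Review bot: The reworded comment in the second hunk still says "same message as above", which only reads correctly with the earlier branch in view, and it does not say what the other case is. The enclosing method starts outside the hunk, so this is inferred, but the branch shown builds an unsaved `User.new(params)` and adds the error without the password comparison the existing-account branch presumably performs, so the two cases may still be distinguishable by response time even though the text matches. Suggested wording: `# same auth_fail_message as the wrong-password case, so the response does not reveal whether the email is registered`.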