Merge pull request #487 from bigcommerce/fix/security

fix: adjusted the messaging of the auth screens

Author: chanceaclark

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## [5.1.2]
+
+### Fixed
+- Updated auth screen messaging to comply with OWASP guidelines.
+
 ## [5.1.1]
 
 ### Changed
@@ -1934,6 +1939,7 @@
   in fact, reset postdata, so far as Gutenberg 3.2.0 is concerned.
 
 
+[5.1.2]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.1.1...5.1.2
 [5.1.1]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.1.0...5.1.1
 [5.1.0]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.0.8...5.1.0
 [5.0.8]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.0.7...5.0.8

bigcommerce.php

@@ -3,7 +3,7 @@
 Plugin Name:  BigCommerce for WordPress
 Description:  Scale your ecommerce business with WordPress on the front-end and BigCommerce on the back end. Free up server resources from things like catalog management, processing payments, and managing fulfillment logistics.
 Author:       BigCommerce
-Version:      5.1.1
+Version:      5.1.2
 Author URI:   https://www.bigcommerce.com/wordpress
 Requires PHP: 7.4.0
 Text Domain:  bigcommerce

readme.txt

@@ -3,7 +3,7 @@ Contributors: bigcommerce, moderntribe, jbrinley, becomevocal, vincentlistrani,
 Tags: ecommerce, online store, sell online, storefront, retail, online shop, bigcommerce, big commerce, e-commerce, physical products, buy buttons, commerce, shopping cart, checkout, cart, shop, headless commerce, shipping, payments, fulfillment
 Requires at least: 5.2
 Tested up to: 6.7
-Stable tag: 5.1.1
+Stable tag: 5.1.2
 Requires PHP: 7.4.0
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html

src/BigCommerce/Accounts/Login.php

@@ -5,7 +5,6 @@
 
 
 use BigCommerce\Accounts\Roles\Customer as Customer_Role;
-use Bigcommerce\Api;
 use BigCommerce\Api_Factory;
 use BigCommerce\Import\Processors\Store_Settings;
 use BigCommerce\Pages\Account_Page;

src/BigCommerce/Forms/Registration_Handler.php

@@ -8,7 +8,6 @@
 use BigCommerce\Accounts\Login;
 use BigCommerce\Accounts\Roles\Customer as Customer_Role;
 use BigCommerce\Accounts\User_Profile_Settings;
-use BigCommerce\Container\Accounts;
 use BigCommerce\Import\Processors\Default_Customer_Group;
 use BigCommerce\Import\Processors\Store_Settings;
 use BigCommerce\Pages\Account_Page;
@@ -78,7 +77,7 @@ public function handle_request( $submission ) {
 					$errors->add( 'email', $user_id->get_error_message() );
 					break;
 				case 'existing_user_login':
-					$errors->add( 'email', __( 'Sorry, that email address is already used!', 'bigcommerce' ) );
+					$errors->add( 'email', __( 'Failed to create your account.', 'bigcommerce' ) );
 					break;
 				case 'empty_user_login':
 				case 'user_login_too_long':
@@ -176,17 +175,6 @@ private function should_handle_request( $submission ) {
 		return true;
 	}
 
-	/**
-	 * @param $email
-	 *
-	 * @return bool
-	 */
-	private function is_email_free( $email ): bool {
-		$user = get_user_by( 'login', $email );
-
-		return empty( $user );
-	}
-
 	private function validate_submission( $submission ) {
 		$errors = new \WP_Error();
 
@@ -205,10 +193,9 @@ private function validate_submission( $submission ) {
 			$errors->add( 'email', __( 'Email Address is required.', 'bigcommerce' ) );
 		} elseif ( ! is_email( $submission[ 'bc-register' ][ 'email' ] ) ) {
 			$errors->add( 'email', __( 'Please verify that you have submitted a valid email address.', 'bigcommerce' ) );
-		} elseif ( ! $this->is_email_free( $submission['bc-register']['email'] ) ) {
-			$errors->add( 'email', __( 'Sorry, that email address is already used!', 'bigcommerce' ) );
 		}
 
+
 		if ( empty( $submission[ 'bc-register' ][ 'new_password' ] ) ) {
 			$errors->add( 'new_password', __( 'Please set your password.', 'bigcommerce' ) );
 		}

src/BigCommerce/Plugin.php

@@ -4,7 +4,7 @@
 namespace BigCommerce;
 
 class Plugin {
-	const VERSION = '5.1.1';
+	const VERSION = '5.1.2';
 
 	protected static $_instance;
 

src/BigCommerce/Shortcodes/Registration_Form.php

@@ -21,4 +21,4 @@ public function render( $attr, $instance ) {
 		return $component->render();
 	}
 
-}
+}

src/BigCommerce/Templates/Lost_Password_Form.php

@@ -53,12 +53,18 @@ private function get_message() {
 		}
 		switch ( $_GET[ 'bc-message' ] ) {
 			case 'empty_username':
-			case 'invalid_email':
 				$message = Message::factory( [
-					Message::CONTENT => __( 'Please enter a valid email address.', 'bigcommerce' ),
+					Message::CONTENT => __( 'Please enter an email address.', 'bigcommerce' ),
 					Message::TYPE    => Message::ERROR,
 				] );
 
+				return $message->render();
+			case 'invalid_email':
+				$message = Message::factory( [
+					Message::CONTENT => __( 'Check your email for the reset link.', 'bigcommerce' ),
+					Message::TYPE    => Message::NOTICE,
+				] );
+
 				return $message->render();
 			default:
 				return '';