Improve exception thrown when user does not exists

Eseperio · web-flow · commit 0a5199f1c424 · 2024-05-15T09:12:02.000+02:00
The previous exception was Runtime; since attackers perform batch requests on this services with random emails, logs systems gets flooded with "User not found" messages, which are not useful for debugging since this is not a runtime exception as is.
diff --git a/src/User/Service/PasswordRecoveryService.php b/src/User/Service/PasswordRecoveryService.php
@@ -50,7 +50,7 @@ public function run()
             $user = $this->query->whereEmail($this->email)->one();
 
             if ($user === null) {
-                throw new \RuntimeException('User not found.');
+                throw new NotFoundHttpException(Yii::t('usuario', 'User not found'));
             }
 
             $token = TokenFactory::makeRecoveryToken($user->id);

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ public function run()`
`50`	`50`	`$user = $this->query->whereEmail($this->email)->one();`
`51`	`51`
`52`	`52`	`if ($user === null) {`
`53`		`- throw new \RuntimeException('User not found.');`
	`53`	`+ throw new NotFoundHttpException(Yii::t('usuario', 'User not found'));`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`$token = TokenFactory::makeRecoveryToken($user->id);`