Issue2550716 Email address displayed after password reset request (fix)

Change the message displayed upon password reset using an account name
to no longer expose the email address. Password reset triggered using
an email address will still display the user supplied email address.

Author: rouilj

roundup/cgi/actions.py

@@ -976,7 +976,10 @@ def handle(self):
         if not self.client.standard_message([address], subject, body):
             return
 
-        self.client.add_ok_message(self._('Email sent to %s') % address)
+        if 'username' in self.form:
+            self.client.add_ok_message(self._('Email sent to primary notification address for %s.') % name)
+        else:
+            self.client.add_ok_message(self._('Email sent to %s.') % address)
 
 class RegoCommon(Action):
     def finishRego(self):