#7543 Password recovery should not confirm email addr existance

v1.2.0
closed
General
2015-08-20
2014-07-07
No

The forgotten password recovery form says "Unable to recover password for this email" if you enter an email that is not in our database. This can be used to determine if an email address is in the system or not. Instead, we should always have a generic success message like "A password reset email has been sent, if the given email address is on record in our system."

Related

Tickets: #7527

Discussion

  • Dave Brondsema

    Dave Brondsema - 2014-07-11
    • Size: --> 1
     
  • Alexander Luberg

    • status: open --> in-progress
    • assigned_to: Alexander Luberg
     
  • Alexander Luberg

    allura:al/7543

     
  • Alexander Luberg

    • status: in-progress --> code-review
     
  • Dave Brondsema

    Dave Brondsema - 2014-07-16

    Looks good.

    I notice some EmailAddress lookup that will probably have to change when we do [#7527]

     

    Related

    Tickets: #7527

  • Dave Brondsema

    Dave Brondsema - 2014-07-16
    • status: code-review --> closed
    • QA: Dave Brondsema
     
  • Dave Brondsema

    Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0
     

Log in to post a comment.