Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, ccruz, deshani, and 11 others

#7678 ini option to limit pwd reset to primary email address

Milestone: v1.2.0

Status: closed

Owner: Alexander Luberg

Labels: sf-1 (616)

Component: General

Reviewer: Dave Brondsema

Updated: 2015-08-20

Created: 2014-09-10

Creator: Dave Brondsema

Private: No

We should have a .ini config option to limit password resets to the primary email address of a user, rather than all verified email addresses.

The "success" message 'A password reset email has been sent, if the given email address is on record in our system.' will have to be changed if the option is enabled. If so, message should be 'A password reset email has been sent, if the given email address is on record as a primary email address.'

Discussion

Dave Brondsema - 2014-09-22

Size: --> 1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Alexander Luberg - 2014-09-22

status: open --> in-progress
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Alexander Luberg - 2014-09-23

assigned_to: Alexander Luberg
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Alexander Luberg - 2014-09-25

allura, forge-classic & configtree : al/7678

We may need to change the message to a better one, please double check it.
I have removed the property forgotten password process from SFAuthProvider (probably needs to be done when we will push it live?).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Alexander Luberg - 2014-09-25

status: in-progress --> code-review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-09-26

QA: Dave Brondsema
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-09-26

The text for sending to primary instead of the entered address, would be better as "If the given email address is on record, a password reset email has been sent to the account's primary email address."

If the setting is false, and you enter a non-existent email addr, you get an exception 'NoneType' object has no attribute 'get_pref'

The test would be better if it asserts the email went to primary address.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-09-26

status: code-review --> in-progress
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Alexander Luberg - 2014-09-26

status: in-progress --> code-review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-09-29

status: code-review --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-10-30

Milestone: asf_release_1.0.0 --> unreleased
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-01-05

Milestone: unreleased --> asf_release_1.2.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.