Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
The password reset message should be neutral #1347
If the user enters a known email address the page reloads with the "Please Check your Email for Password Reset Link" message, but if the user enters an unknown email address the page reloads without showing any message at all.
The message should be neutral in both cases:
One more thing we can do to make sure user enter a correct email is this:
@willow9886 yes, we removed code which send e-mail to any specified e-mail in password reset filed.
Move 160 -> 168
Also we should avoid lines like 166-167:
It's very difficult to find the bag if we mask exception without loggin in. I offer to use DEBUG or TRACE level for cases like this.