The password reset message should be neutral #1347

Closed
syntrydy opened this Issue Nov 14, 2018 · 2 comments

@syntrydy
Contributor

syntrydy commented Nov 14, 2018

If the user enters a known email address the page reloads with the "Please Check your Email for Password Reset Link" message, but if the user enters an unknown email address the page reloads without showing any message at all.

The message should be neutral in both cases:
Like this: Please Check your Email for Password Reset Link.
We don't want users to play the guessing game; they should know their email.

One more thing we can do to make sure the user enters a correct email is this:

  • First field: Enter your email
  • Second field: Confirm your email

@syntrydy syntrydy added this to the 3.1.5 milestone Nov 14, 2018

@syntrydy syntrydy self-assigned this Nov 14, 2018

@willow9886

Contributor

willow9886 commented Nov 14, 2018

@yurem I thought we already fixed this flow? Can you comment here?

@yurem

Contributor

yurem commented Nov 15, 2018

@willow9886 yes, we removed the code which sends e-mail to any specified e-mail in the password reset field.
@syntrydy's description looks right. The fix should be trivial. We need to move 1 line which adds the message outside of the if block:

facesMessages.add(FacesMessage.SEVERITY_INFO,

Move 160 -> 168

Also we should avoid lines like 166-167:

				} catch (Exception e) {}

It's very difficult to find the bug if we mask the exception without logging it. I suggest using DEBUG or TRACE level for cases like this.
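The change discussed in this thread, sketched as an added example that is not the project's own code: the neutral message is set outside the `if` block so known and unknown addresses get the same response, and the mail failure is logged instead of swallowed. The class, the `KNOWN` set and `sendResetLink` are hypothetical stand-ins, and `java.util.logging`'s `FINE` level is used here in place of DEBUG.

```java
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

public class NeutralResetDemo {
    private static final Logger LOG = Logger.getLogger(NeutralResetDemo.class.getName());
    static final String NEUTRAL = "Please Check your Email for Password Reset Link";
    // Constructed sample data standing in for the user store.
    static final Set<String> KNOWN = Set.of("alice@example.org");

    // Hypothetical mail sender; throws to simulate a mail server outage.
    static void sendResetLink(String email, boolean mailDown) throws Exception {
        if (mailDown) throw new Exception("SMTP unavailable");
    }

    // Before: the message is set inside the if block, so an unknown
    // address gets no message and the two cases can be told apart.
    static String resetBefore(String email) {
        String message = null;
        if (KNOWN.contains(email)) {
            try { sendResetLink(email, false); } catch (Exception e) {}
            message = NEUTRAL;
        }
        return message;
    }

    // After: the message is set outside the if block, and a delivery
    // failure is logged for operators rather than masked or shown to the user.
    static String resetAfter(String email, boolean mailDown) {
        if (KNOWN.contains(email)) {
            try {
                sendResetLink(email, mailDown);
            } catch (Exception e) {
                LOG.log(Level.FINE, "Password reset mail not sent", e); // FINE ~ DEBUG
            }
        }
        return NEUTRAL;
    }

    public static void main(String[] args) {
        for (String email : new String[] {"alice@example.org", "nobody@example.org"}) {
            System.out.println(email + " before=" + resetBefore(email)
                    + " after=" + resetAfter(email, true));
        }
    }
}
```

The `after` value is identical for both addresses even when sending fails, while `before` is `null` for the unknown one.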

syntrydy added a commit that referenced this issue Nov 15, 2018

Merge pull request #1351 from /issues/1347
The password reset message should be neutral #1347

@syntrydy syntrydy closed this Nov 15, 2018
