You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Scenario: I can't reset my password with an invalid email addressWhen I reset my password using invalid email address
Then the request should be invalid with message 'User with field "email" equal to "foo@example.com" cannot be found.'
This scenario is a security leak cause it allows any user to check which email is stored in the database. If email address is invalid, the following message should be visible: if the email address exists, an email has been sent to it..
Same for following scenario:
Scenario: I can't reset my password if I already request a tokenGiven I have a valid token
When I reset my password
Then the request should be invalid with message 'An unexpired token already exists for this user.'
Response should be 200 & message should be the same.
The text was updated successfully, but these errors were encountered:
This scenario is a security leak cause it allows any user to check which email is stored in the database. If email address is invalid, the following message should be visible:
if the email address exists, an email has been sent to it.
.Same for following scenario:
Response should be 200 & message should be the same.
The text was updated successfully, but these errors were encountered: