username | passwords | specimens | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-~'.*!()_ |
|
|
Has live lookup - appears to accept anything that isn't taken, as )
was unrejected
hahaha wtf is this username length limit
otherwise, that was beautifully straightforward
Truncation test passed
They don't link to this on the change page though they should
incidentally, the login page redirects to your profile when signed in - not reset though
entered username to reset, forgot to get stub so I entered it for email too (specimen for email reset is the second one)
I then followed the first link (worked), then the second link (also worked - this is the specimen). You'll note that neither logs me out
Tried the second link again to get the expired link specimen
logged out and tried the first reset random password to confirm that it didn't work
resetting doesn't log you out at any point, even after following where it's clear they expect you to be logged out
after you log in you're directed to the password change page, but you're not trapped there, though logging in again still goes to that page (presumably until you change it)
Spam checkboxes (opws/opws-dataset#175)
"Sign up for the npm Weekly" is pre-checked
Invalid account password reset (opws/opws-dataset#28)
Says if email addresses don't have an account, which is probably nbd as emails are public already.