#23793: Password Reset is confusing
--------------------------------+--------------------
Reporter: collinanderson | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.auth | Version: 1.6
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------
Ever since #19758 (Avoided leaking email existence through the password
reset), I think the password reset is confusing.
- If it's not too late, could we add #19758 to the release notes for 1.6?
- Seems to me, like the comments on the original ticket said, we should
still document a code example of how to validate the email address (with a
caution about information leakage). (Could just copy the removed code.)
- Maybe we could reword the message "Password reset successful", because
we're saying it's successful even if it isn't. Maybe something like, "If
we find matching email address, we'll send you an email".
- Better yet, if there's no match, maybe we could send an email saying
"We're sorry, we couldn't find an account with your email address."
--
Ticket URL: <https://code.djangoproject.com/ticket/23793>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/057.64ba85c2f5509ec8d8ed2851780fa57e%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
