On 07/26/2015 08:58 PM, Andrew Shadura wrote:
On 23/07/15 15:53, Mads Kiilerich wrote:
On 07/19/2015 03:35 PM, Andrew Shadura wrote:
# HG changeset patch
# User Andrew Shadura <[email protected]>
# Date 1431821238 -7200
# Sun May 17 02:07:18 2015 +0200
# Node ID 98cb64feddfb89f106f66763462061fd2ca3f412
# Parent f103b1a2383bc4fba5d28f9732ba832025e3bf00
secure password reset implementation
A couple of other things:
It should make sure it doesn't go too far with changing passwords when
using external authentication (but also not reveal too much information
too early). (I guess it would be nice if each authentication module had
a customizable "tell the user how to change the password" string...)
Right, I have to fix this.
...
Or, actually, I don't need to fix it yet, as it does no harm at all for
external users (it doesn't matter what we have in the database for them).
Agreed, it is an unrelated usability issue in this area.
The user is redirected to a " Code you received in the email" page ...
but the mail only contains a URL - no mentioning of any code.
Could you please check once more? Because it's one of the things I have
fixed in this revision of the patch.
Hmm. Right. Agreed.
/Mads
_______________________________________________
kallithea-general mailing list
[email protected]
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
