https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16711
--- Comment #7 from Marc VĂ©ron <[email protected]> --- Thinking loud about sending information about all library accounts if in password recovery an email with multiple library accounts attached is given: What could be the reasons to have one email address and multiple accounts? - An individual has multiple library accounts, e.g. one for professional purposes and a private one. For exammple a teacher needs books for school and wants to separate that from their private lecture. In that case sending a reset links for multiple accounts would be OK (no privacy breach) because it is the same person. But atm the mail contains only a reset link, no information that would help to identifiy the account. So the individual could reset the wrong password. - A group (family, couple) shares the same email but they have different library accounts In that case, privacy is defined by the group: Either one individual has access to the email or all of the group have access. If all have access, one individual could change the password for an other one. That would be a privacy breach. OK then, it is not a good idea to send reset links for all accounts attached to an email account. IMO the easiest solution would be not to send recovery link(s), but to display an information similar to the one that appears if an email address is not found in the database (Error No account was found with the provided information. Please...) The message could be something like: ------------- Information Multiple library accounts are attached to this email. Please fill the field 'Login' to identify which password you want to reset. Please contact the library if you need further assistance. ------------- Additionally, there could be more enhancements (to be covered by separate bugs): - Have a syspref to prevent multiple accounts with same email (could get complicated for existing installs) - Have a precooked report that displays library accounts sharing one email address -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
