# HG changeset patch
# User Andrew Shadura <and...@shadura.me>
# Date 1431787037 -7200
# Sat May 16 16:37:17 2015 +0200
# Node ID 9b7a12fef6f4922730fb9e690e0567a6a4b32473
# Parent d7f13c2a28bacccdab00745a8dccf39fa4c40e31
privacy: on password reset, don't tell strangers if email is valid or not
Password reset form might be used to check if users with specific email addresses have accounts in the system by requesting their password to be reset. It's probably not a good idea to give this sort of information to complete strangers.
diff --git a/kallithea/model/forms.py b/kallithea/model/forms.py
--- a/kallithea/model/forms.py
+++ b/kallithea/model/forms.py
@@ -202,7 +202,7 @@ def PasswordResetForm():
 class _PasswordResetForm(formencode.Schema):
 allow_extra_fields = True
 filter_extra_fields = True
- email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
+ email = v.Email(not_empty=True)
 return _PasswordResetForm
_______________________________________________ kallithea-general mailing list kallithea-general@sfconservancy.org http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
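Review bot: Removing `v.ValidSystemEmail()` from the `email` field of `_PasswordResetForm` closes only the form-level oracle. The code that consumes the validated form is not in this hunk, and it will now receive addresses that have no account. That caller presumably needs to return the same message, the same redirect and roughly the same response time whether or not a user exists, with no exception path for the unknown-address case, or the account-existence bit still leaks. A regression test asserting identical responses for a known and an unknown address would pin this down. I would also record the intent next to the field, e.g. `# No ValidSystemEmail here on purpose: the form must not reveal whether an account exists`, so the validator is not restored later. The `def PasswordResetForm()` line appears only in the hunk header.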