"Email not found" response for registration/password reset #156

Open
doub1ejack opened this issue Nov 2, 2019 · 1 comment
Labels: auth (Related to user authentication/login/etc), firebase

Comments

@doub1ejack
Member

Currently if a user does not have an active account and they request a password-reset email (via "forgot password" or "register" links) the app will incorrectly tell them that a password was sent.

Before sending the password (in resetPassword() in data-sources/firebase-data.js), we should check to see if the email matches a valid account and give the user feedback accordingly.

@doub1ejack doub1ejack added auth Related to user authentication/login/etc firebase labels Nov 2, 2019
@jfenner
Member

jfenner commented Nov 3, 2019

I would actually disagree with this from a security standpoint. I implemented the password reset this way because it is a security risk to tell them that the email is not valid.

We could change the message to be something like "If your email address is registered with the system, you will receive the password reset via email".

@mpettit mpettit self-assigned this Feb 12, 2020
@mpettit mpettit removed their assignment Apr 18, 2020
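
Added example, not part of the issue thread or the project's code: a sketch of the uniform-response behaviour proposed in the second comment, where a reset request for an unknown address produces exactly the same user-facing result as one for a registered address. The names `responseFor`, `makeFakeSender`, the wrapper's signature and the injected sender are assumptions; `auth/user-not-found` and `auth/invalid-email` are Firebase Auth error codes.

```javascript
// Added example; the function names and the injected sender are assumptions,
// not the project's resetPassword() in data-sources/firebase-data.js.
const GENERIC_MESSAGE =
  "If your email address is registered with the system, " +
  "you will receive the password reset via email";

// Map the outcome of a reset request to what the user is shown.
// Success and "no such account" must be indistinguishable to the caller.
function responseFor(err) {
  if (!err || err.code === "auth/user-not-found") {
    return { ok: true, message: GENERIC_MESSAGE };
  }
  // A malformed address says nothing about which accounts exist,
  // so it is safe to report.
  if (err.code === "auth/invalid-email") {
    return { ok: false, message: "Please enter a valid email address." };
  }
  // Anything else (network, quota): generic failure, details go to the log.
  return { ok: false, message: "Something went wrong. Please try again later." };
}

// sendResetEmail: async function(email) that rejects with a Firebase-style
// { code } error. log: receives the real outcome for monitoring.
async function resetPassword(email, sendResetEmail, log = () => {}) {
  try {
    await sendResetEmail(email);
    log("sent");
    return responseFor(null);
  } catch (err) {
    log(err.code || "unknown");
    return responseFor(err);
  }
}

// Constructed stand-in for the auth backend, so the example runs offline.
function makeFakeSender(registered) {
  return async (email) => {
    const fail = (code) => { throw Object.assign(new Error(code), { code }); };
    if (!/^[^@\s]+@[^@\s]+$/.test(email)) fail("auth/invalid-email");
    if (!registered.has(email)) fail("auth/user-not-found");
  };
}
```

If the sender runs in the browser, the backend's own error response is still visible to the client, so the uniform message only helps when the backend does not distinguish the two cases either.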