Email user when get Error when attempting to reset password #2926
Comments
Related: #4382
I don't think that's entirely related, we could handle a different message in this scenario like we do when we identify that the new requested password doesn't fit the policy enforced by LDAP. The key reason we hadn't in the past was that we didn't have a list of all the errors/constraint violations and it's still unclear whether or not those will differ between each LDAP implementation.
I was thinking an admin toggle (default off) that would "enhance" the password reset email with the raw error message. Also I agree it's not something we should complete in the same feature, just thinking we can probably make a fairly generic email template that we can quickly add/remove elements on and that would partially help with implementing this feature.
Hi, is there an update for this? I am having the same issue on release authelia/authelia:4.37.5 onwards, email sent successfully, logs: level=debug msg="Notifier SMTP client attempting connection to 127.0.0.1:25" The end user gets the "There was an issue resetting the password" message
The updates will be present in the relevant issue as is standard practice. However in your situation it will likely be unhelpful to the end user which is likely also something that someone else will have issue with.
Feature Request
So the current behavior when attempting to reset the new password is that you get the below popup, which is expected.
I understand that we don't want to give information to the "potential" attacker and that's fine.
But the popup msg of course does not help the user as to what they can do differently.
So an idea was to send them an email stating what the log msg says.
Description
Email the user with the error msg when they get a popup error msg when attempting to reset the password.
Use Case
At least in the one case we had, the user was using an old LDAP password but the msg was not helpful.
An email to the user stating they are trying to use an old password would probably save them some headaches, as well as the admin :)
Hope I did this FR right.
Thank you for the awesome support!
-Dave