This repository has been archived by the owner on May 6, 2024. It is now read-only.
Password reset shows success regardless of whether or not email address is known #38
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Attempting to get a password reset with https://fairblogs.nl/accounts/password_reset using sjenkie@sjenk.sjenk leads to a success message.
https://fairblogs.nl/accounts/password_reset/done/
Perhaps the password reset should do a lookup to check that the user exists, if so show success message, and if not show an 'unknown email address' message
The text was updated successfully, but these errors were encountered: