Opened 8 years ago

Closed 8 years ago

#26012 closed Bug (invalid)

Provide an error message during password reset if email doesn't exist

Reported by: Nauman Tariq Owned by: nobody
Component: contrib.auth Version: 1.8
Severity: Normal Keywords: password reset
Cc: Nauman Tariq Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Currently if we use django builtin password reset functionality, it didn't handles the case to notify the user that entered email is not registered or some error message. I think system must notify the user for that otherwise user waits for the email to receive.

Change History (2)

comment:1 by Nauman Tariq, 8 years ago

Cc: Nauman Tariq added

comment:2 by Tim Graham, 8 years ago

Resolution: invalid
Status: newclosed
Summary: Reset Password If Email doesn't existProvide an error message during password reset if email doesn't exist

As noted in the documentation:

If the email address provided does not exist in the system, this view won’t send an email, but the user won’t receive any error message either. This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm and use the password_reset_form argument.

Note: See TracTickets for help on using tickets.
Back to Top