Closed Bug 1246203 Opened 8 years ago Closed 8 years ago

Password Reset in Sumo Account

Categories

(support.mozilla.org :: Users and Groups, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: kapalawai.sandeep.sandeep, Unassigned)

Details

While we  forgot our password , here we will use  password reset link.But even though it should validate email id
Component: General → Users and Groups
Product: Firefox → support.mozilla.org
Can you explain the problem? https://support.mozilla.org/users/pwreset needs the email address.
Flags: needinfo?(kapalawai.sandeep.sandeep)
The password reset  is not validating the email id .Please make sure  to validate while we use this facility.
Flags: needinfo?(kapalawai.sandeep.sandeep)
I don't understand what you mean, obtain the verification link from the email = verified. It seems to be no necessary to enter the email address when reset password.
(In reply to sandeep from comment #2)
> The password reset  is not validating the email id .Please make sure  to
> validate while we use this facility.

Are you suggesting that we validate that the email put into the form is a valid email linked to an account, and should display an error if the email as input doesn't match an existing account?

This is a common thing some sites do, but it's a privacy leak, as it lets you confirm if someone has a SUMO account by putting in their email and seeing whether you get the validation error or not. That's why we intentionally show the same message even if you put in an invalid email; so as not to leak info about who has a SUMO account.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Resolution: INVALID → WORKSFORME
Resolution: WORKSFORME → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.