Because of the awkward relationship between `users` and `auth_user`, anonymizing a user will clear out the `users` table, but not `auth_user`. Password recovery comes from `auth_user`, so their email is still in there and is sent back to them. Those two tables need to be cleaned up.
8 years ago
Summary: Deleted user can recover their password → Deleted user can recover their password and that's a bad thing
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
STR: 1.From the admin panel,make an existing user -anonymous 2.Go for Forgot password page. 3.Enter the email of that user observed behavior: "That e-mail address doesn't have an associated user account. Are you sure you've registered?" is displayed. verified
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.