Page MenuHomePhabricator

More completely explain why we're refusing to send reset mail to an unverified address
ClosedPublic

Authored by epriestley on Sep 20 2017, 5:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Dec 25, 5:54 PM
Unknown Object (File)
Fri, Dec 6, 12:25 AM
Unknown Object (File)
Fri, Nov 29, 12:44 PM
Unknown Object (File)
Wed, Nov 27, 7:57 PM
Unknown Object (File)
Nov 23 2024, 6:45 PM
Unknown Object (File)
Nov 3 2024, 3:17 AM
Unknown Object (File)
Oct 20 2024, 2:26 PM
Unknown Object (File)
Oct 17 2024, 11:29 PM
Subscribers
None

Details

Summary

See PHI78. The user was getting this message and (reasonably) interpreted it to mean "reset mail can never be sent to unverified addresses".

Reword it to be more clear, albeit an entire paragraph long. I don't really have a good solution in these cases where we'd need a whole page to explain what's happening (this, plus "we can't tell you which address you should use because an attacker could get information if we did" and "this rule defuses the risk that an opportunistic attacker may try to compromise your account after you add an email you don't own by mistake"). We could write it up separately and link to it, but I feel like that stuff tends to get out of date.

Just land somewhere in the middle.

Test Plan

Screen Shot 2017-09-20 at 10.35.20 AM.png (1×1 px, 143 KB)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable