Page MenuHomePhabricator

More completely explain why we're refusing to send reset mail to an unverified address
ClosedPublic

Authored by epriestley on Sep 20 2017, 5:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Mar 26, 4:45 AM
Unknown Object (File)
Feb 7 2024, 4:02 AM
Unknown Object (File)
Feb 2 2024, 7:27 AM
Unknown Object (File)
Dec 21 2023, 3:05 AM
Unknown Object (File)
Dec 19 2023, 4:55 AM
Unknown Object (File)
Nov 30 2023, 6:12 AM
Unknown Object (File)
Nov 19 2023, 7:14 AM
Unknown Object (File)
Sep 29 2023, 10:07 PM
Subscribers
None

Details

Summary

See PHI78. The user was getting this message and (reasonably) interpreted it to mean "reset mail can never be sent to unverified addresses".

Reword it to be more clear, albeit an entire paragraph long. I don't really have a good solution in these cases where we'd need a whole page to explain what's happening (this, plus "we can't tell you which address you should use because an attacker could get information if we did" and "this rule defuses the risk that an opportunistic attacker may try to compromise your account after you add an email you don't own by mistake"). We could write it up separately and link to it, but I feel like that stuff tends to get out of date.

Just land somewhere in the middle.

Test Plan

Screen Shot 2017-09-20 at 10.35.20 AM.png (1×1 px, 143 KB)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable