Page MenuHomePhabricator
Differential D18630

More completely explain why we're refusing to send reset mail to an unverified address
ClosedPublic
Actions

Authored by epriestley on Sep 20 2017, 5:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 23, 6:45 PM
Unknown Object (File)
Sun, Nov 3, 3:17 AM
Unknown Object (File)
Oct 20 2024, 2:26 PM
Unknown Object (File)
Oct 17 2024, 11:29 PM
Unknown Object (File)
Oct 2 2024, 6:38 AM
Unknown Object (File)
Sep 28 2024, 4:41 AM
Unknown Object (File)
Sep 26 2024, 11:39 AM
Unknown Object (File)
Sep 24 2024, 4:41 AM
View All 90 Files
Subscribers
None

Details

Reviewers
amckinley
Commits
rP3fbad684c142: More completely explain why we're refusing to send reset mail to an unverified…
Summary

See PHI78. The user was getting this message and (reasonably) interpreted it to mean "reset mail can never be sent to unverified addresses".

Reword it to be more clear, albeit an entire paragraph long. I don't really have a good solution in these cases where we'd need a whole page to explain what's happening (this, plus "we can't tell you which address you should use because an attacker could get information if we did" and "this rule defuses the risk that an opportunistic attacker may try to compromise your account after you add an email you don't own by mistake"). We could write it up separately and link to it, but I feel like that stuff tends to get out of date.

Just land somewhere in the middle.

Test Plan

Screen Shot 2017-09-20 at 10.35.20 AM.png (1×1 px, 143 KB)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
src/
applications/
auth/
controller/
7 lines

Diff 44727

View Options

src/applications/auth/controller/PhabricatorEmailLoginController.php

Loading...
Phabricator · Built by Phacility