Open tan-at opened 2 weeks ago
Related to User Story User can reset their password APUOPE-RE/backend#12
Created new TASK issue to implement the password reset message Add a message after submitting email to Reset Password form APUOPE-RE/frontend#51
Edit: ^ Issue was already solved in BUG Improving the UX when sending a password reset email APUOPE-RE/frontend#49
Tested in dev on 15.11.2024 with user: apuopetest1@gmail.com. Same error still occurs when a password reset is requested with an email that doesn't exist (apuopetest1@gmail.co).
Issue does not occur when submitting the password reset form with an email that has an existing account (apuopetest1@gmail.com).
Issue caused by backend sending error 500 if it doesn't find an account with the same email the forgotten password form was submitted with. Error does not prevent functionality, but may prove a security challenge, as it can be utilized to find out what emails have been used to register an account to the tool.
Consider the issue low priority
Tested on 6.11.2024 in backend branch "Issue11-chat-backend" and frontend branch "dev" in browser: Google Chrome. Connected to tuni network via eduVPN during testing.
Tested with: Invalid user email: apuopetest1@gmail.co (Valid user email with an existing account: apuopetest1@gmail.com)
Steps to recreate issue:
What I expected to happen: After a user fills the required email field with an email account that doesn't exist, they should be shown the normal message "Password Reset Request Received. If the email address you entered is associated with an account, we’ve sent you an email with a link to reset your password." No reset email should be sent if an account with the email doesn't exist. ^NOTE: this message feature does not exist. Creating an issue and linking it in the comments section.
What really happened: After a user fills the required email field with an email account that doesn't exist, nothing visible happens, but in the developer console, there are visible errors.
Acceptance criteria:
After a user fills the required email field with an email account that doesn't exist, they are shown the normal message "Password Reset Request Received. If the email address you entered is associated with an account, we’ve sent you an email with a link to reset your password." ^Implementation separated to a new issue ticket linked in comments. No reset email should be sent if an account with the email doesn't exist.
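Added example, not part of the original issue and not the project's code: the reported behaviour (500 for an unknown email) next to a handler that meets the acceptance criteria, plus a regression check that flags any difference between the two responses. The page does not state the backend's language or structure, so Python, `ResetService`, its in-memory `accounts`/`outbox`, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Message text taken from the issue's acceptance criteria.
RESET_MESSAGE = (
    "Password Reset Request Received. If the email address you entered is "
    "associated with an account, we’ve sent you an email with a link to "
    "reset your password."
)

# Constructed sample data mirroring the issue's existing / non-existing pair.
KNOWN, UNKNOWN = "user@example.com", "user@example.co"


@dataclass
class ResetService:
    # Hypothetical in-memory stand-ins for the user table and the mail sender.
    accounts: set
    outbox: list = field(default_factory=list)

    def request_reset_leaky(self, email: str) -> tuple[int, str]:
        """Behaviour reported in the issue: an unknown email surfaces as a 500."""
        try:
            if email not in self.accounts:
                raise LookupError("no account for email")
            self.outbox.append(email)
            return 200, RESET_MESSAGE
        except LookupError:
            return 500, "Internal Server Error"

    def request_reset_uniform(self, email: str) -> tuple[int, str]:
        """Same status and body either way; mail is queued only for real accounts."""
        if email in self.accounts:
            self.outbox.append(email)
        return 200, RESET_MESSAGE


def responses_differ(handler, known: str, unknown: str) -> bool:
    """Regression check: True means the endpoint reveals which emails are registered."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    svc = ResetService(accounts={KNOWN})
    print("leaky differs:  ", responses_differ(svc.request_reset_leaky, KNOWN, UNKNOWN))
    print("uniform differs:", responses_differ(svc.request_reset_uniform, KNOWN, UNKNOWN))
```

Identical status and body do not cover response time: if the email is sent synchronously, handing the send to a background queue keeps timing the same for both cases.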