Not registered email address could enter for the password recovery

BEXIS2 / Core

This is the public code repository of the BEXIS2 data management software. It contains only modules, components, and packages of the core system. Contributed modules and components will be available in separate repositories. For more information on BEXIS2, please visit our website.

https://bexis2.github.io/

17 stars 13 forks source link

Not registered email address could enter for the password recovery #210

Closed navabpourn closed 5 years ago

navabpourn commented 5 years ago

If I click on the "Forgot your password", I am able to enter an Email which is not registered in the BEXIS2 system. This email address does not receive a recovery password email. It would be nice to inform the user about the wrong or not registered email address.

sventhiel-zz commented 5 years ago

The rationale behind this behaviour is, to prevent users to sniff for email addresses from registered users.

sventhiel-zz commented 5 years ago

After internal discussions, we decide to close this issue and keep going the same way. The reason is mentioned above.