Closed amschaal closed 8 years ago
If a user tries to reset their password, they are not given any errors if they enter an erroneous email address. This can be misleading, but on the other hand, it may stop bots from phishing for login addresses.
It looks like this is a security measure, after all. https://docs.djangoproject.com/en/1.10/topics/auth/default/#django.contrib.auth.views.password_reset
If a user tries to reset their password, they are not given any errors if they enter an erroneous email address. This can be misleading, but on the other hand, it may stop bots from phishing for login addresses.