Closed nul800sebastiaan closed 8 years ago
I've added a comment for now that this is NOT best practice. I think you're right and when I get time I'll update the blog post so we can send a different "You're already registered you banana" style email.
Fixed and checked in.
You're disclosing a lot of information currently when a user tries to log in, reset, etc. Example: https://github.com/cheeseytoastie/UmbMembersFullTutorial/blob/master/Controllers/Account/MemberRegisterSurfaceController.cs#L36
Great, now I know that a certain email address has an account on this site, now I can start sending them phishing mails. Or maybe they might be embarrassed to be a member on that particular site. This is all described here: https://www.troyhunt.com/everything-you-ever-wanted-to-know/
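The fix discussed in this thread, as an added example that is not code from the repository: the registration response is identical whether or not the address already has an account, and only the email sent to the mailbox owner differs. `RegistrationService`, its in-memory member set, the `Outbox` list and the template names are hypothetical stand-ins for the site's member service and mailer.

```csharp
using System;
using System.Collections.Generic;

// Added example with in-memory stand-ins; it does not use Umbraco's member API.
public sealed class RegistrationService
{
    // Hypothetical member store and mail outbox (assumptions for this sketch).
    private readonly HashSet<string> _members = new HashSet<string>();
    public List<(string To, string Template)> Outbox { get; } = new List<(string, string)>();

    public const string UniformMessage = "Thanks. Check your inbox for an email with the next steps.";

    // Leaky form: the on-screen response tells any caller whether the address is registered.
    public string RegisterLeaky(string email) =>
        _members.Add(Normalize(email)) ? "Account created." : "That email address is already registered.";

    // Enumeration-safe form: the same response on both paths. Which path was taken
    // is visible only to whoever controls the mailbox, via the template that is sent.
    public string Register(string email)
    {
        var key = Normalize(email);
        var isNew = _members.Add(key);
        Outbox.Add((key, isNew ? "confirm-registration" : "already-registered"));
        return UniformMessage;
    }

    private static string Normalize(string email) => email.Trim().ToLowerInvariant();
}

public static class Program
{
    public static void Main()
    {
        var svc = new RegistrationService();
        var first = svc.Register("alice@example.test");    // constructed sample address
        var second = svc.Register(" Alice@example.test");  // same account, second attempt
        Console.WriteLine($"Same response on both attempts: {first == second}");
        foreach (var (to, template) in svc.Outbox)
            Console.WriteLine($"{to}: {template}");
    }
}
```

The same shape applies to the log in and reset flows mentioned above: one response for every address, with the account-specific detail delivered only by email.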