Open follower opened 4 years ago
This will be done in the asset library rewrite, which I'm currently working on :slightly_smiling_face:
@Calinou What is status of the rewrite?
@menip The rewrite is feature-complete but remains to be deployed on a live instance.
There's a bug in the HTML formatting of the confirmation emails which I need to fix though.
So, basically, a troll user or malicious attacker could be sending a bunch of POST requests via script, taking every possible username for themselves for the past 3 years and there's no confirmation, captcha or anything at all that could be stopping them?
And agree that the lack of feedback is very confusing, specially since the Login/Register part is used as both a toggle switch and a submit button, apparently...? That's so counter-intuitive. There's also no "enter password again" validation on registration, to minimize typing error.
Also you can only log in by username, you can't use email. And there's no confirmation email, so if you forget your username, then ...? Does the "forgot password" email tells your username too, at least?
After registering an account no confirmation/verification/validation of the email address is performed.
Normally I'd expect to receive a "confirmation email" with a link to confirm the email address is mine before I could log in.
(Related: AFAICT there is no "successful registration" feedback when registering an account--the page just redirects to the login page.)
Potentially related issues: