Can't recover password if I forgot my username

[xmatthewx]

Lost password form requires a username. Can we set this to accept either username or email for ID? If not, email might be the better option since recovery will happen using it. It must be known.

[xmatthewx]

This a bug in the system, not the code.

If a user does not remember their username they can't:

• recover their password
• create a new account b/c email must be unique

[thisandagain]

:+1:

[xmatthewx]

Twitter has good UX with minimal clutter. Bonus points for the magical amnesia solution.

Twitter

[xmatthewx]

@simonwex @cadecairos @jbuck - This causes quite a few problems for users, and will likely be a thorn during Maker Party. Can we address this at some point in the next few weeks?

cc @hannahkane @flukeout

[cadecairos]

I anticipated that only allowing for resets by username would be a problem months ago, and built in support for both email and username reset requests. We just need to change the interfaces so they stop disallowing emails.

[alicoding]

Actually it makes it really easy for both user client implementation to just stick with one and that one option I agree with @xmatthewx that email would be better.

The complication with current form processing which we use Joi for our mixin makes it really hard to add or change anything currently, so if we use an existing validator (email) I think this can be done easily.

[xmatthewx]

An email-only recovery process will unblock lots of users who are currently stuck. Email-only is fairly standard. I propose we land that first and then look at how we can handle validation to also include Username.

[xmatthewx]

Some validation bugs to resolve https://github.com/mozilla/id.webmaker.org/pull/331#issuecomment-119666059

[cadecairos]

After playing around with this patch some more, it's become clear that a switch to just email is going to take a bunch of work, meaning, IMO, that it is just worth putting in the effort to switch to email and username.

[xmatthewx]

Ok. This shouldn't interfere with your work on batch updates, but I believe it's your next highest priority. Seem true to you? Anything else on your plate? How much time would you estimate?

[cadecairos]

@alicoding knows more about the state of our client side validation, so I can't speculate on how much time it will take, and just echo what I've heard from him about it being a fairly large lift.

[secretrobotron]

Just spoke with @alicoding. The problem lies within the joi/mixin system that we're using. It's too automatic, which prevents us from being able to customize error messages. It would be easy to setup the textbox to receive email/username, but providing accurate user-feedback is the blocker.

Advise: de-prioritize this in favour of localization and desktop. When @alicoding has some spare moments, would be good to look at properly fixing this.

@xmatthewx thoughts?

[cadecairos]

I'm taking a stab at this now, might not be tooooooo bad... _maybe_.

[cadecairos]

not quite done here.