Closed the-t-in-rtf closed 9 years ago
My preference is to definitely do option 1 if only an email address is passed in. I am not a big fan of sites that make you have to remember your username and email address to recover a password, but I am open to option 2 if others feel like it would be a valuable feature.
Other opinions?
Option 1 makes the most sense to me. I don't see a reason for two different users to have the same e-mail address.
Joel V
On Fri, Sep 19, 2014 at 9:35 AM, Stokes Player notifications@github.com wrote:
My preference is to definitely do option 1 if only an email address is passed in. I am not a big fan of sites that make you have to remember your username and email address to recover a password, but I am open to option 2 if others feel like it would be a valuable feature.
Other opinions?
— Reply to this email directly or view it on GitHub https://github.com/twilson63/express-couchUser/issues/36#issuecomment-56177440 .
+1 for option 1
Sent from my iPad
On Sep 20, 2014, at 8:35 AM, Joel V notifications@github.com wrote:
Option 1 makes the most sense to me. I don't see a reason for two different users to have the same e-mail address.
Joel V
On Fri, Sep 19, 2014 at 9:35 AM, Stokes Player notifications@github.com wrote:
My preference is to definitely do option 1 if only an email address is passed in. I am not a big fan of sites that make you have to remember your username and email address to recover a password, but I am open to option 2 if others feel like it would be a valuable feature.
Other opinions?
— Reply to this email directly or view it on GitHub https://github.com/twilson63/express-couchUser/issues/36#issuecomment-56177440 .
— Reply to this email directly or view it on GitHub.
I created a pull request with tests:
In testing the library with multiple users, I've discovered that the "forgot password" feature does not handle multiple accounts with the same email address sanely. Only the first account returned for a given email address is associated with the reset token. This makes it impossible to reset the password for any other accounts associated with the same email address.
I can see a few ways to address this:
Happy to make the changes and submit a pull request, just let me know what approach you'd prefer.