Forgot password view should use api and client
Bug #1130688 reported by Michael Foord
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical SSO provider | Confirmed | High | Ricardo Kirkner |
Bug Description
The forgot password view of sso has various issues:
* it can send *multiple* reset emails if the email provided is unverified
* the code to find the email address to send to is overly complex - it should use account.
* it doesn't tell the user if the reset fails because of suspended account, deactivated account or invalidated email
All of this can be fixed by using the ssoclient and api v2 in the forgot password view.
Changed in canonical-identity-provider:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Ricardo Kirkner (ricardokirkner)
tags: added: u1-by-dev u1-on-production