Bug 1191779 - User who has forgotten their password, but not yet activated, cannot recover their account
Summary: User who has forgotten their password, but not yet activated, cannot recover ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Zanata
Classification: Retired
Component: Component-UI
Version: 3.6
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.7
Assignee: Alex Eng
QA Contact: Damian Jansen
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-02-11 23:38 UTC by Damian Jansen
Modified: 2015-07-22 02:19 UTC (History)
2 users (show)

Fixed In Version: 3.7.0-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-2669)
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-22 02:19:56 UTC
Embargoed:

Attachments (Terms of Use)

Description Damian Jansen 2015-02-11 23:38:32 UTC 
Description of problem:
There's a hole in the auth process where if the user (for example)

1. Signs up to Zanata (not clicking on the activation email)
2. Forgets their password
3. Returns a time later and presses Forgot Password
4. Enters valid username and email
5. Presses Submit

They will be unable to proceed - the system will not, due to no authentication
- send the reset password email
- resend the activation email
- allow any form of updating

Zanata should allow them to to enter username and email, then either just send the activation email and tell the user (easier), or redirect to the account activation page with restrictions to resend email only (less easy).

Version-Release number of selected component (if applicable):
3.6 snapshot
Comment 1 Alex Eng 2015-02-12 04:05:48 UTC 
Pull request:
https://github.com/zanata/zanata-server/pull/689
Comment 2 Damian Jansen 2015-02-23 00:44:06 UTC 
Verified merge (master) at b319ce824c4fd49ce86b2814f17977b2bb16eae8
Note You need to log in before you can comment on or make changes to this bug.