Modify

Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#580 closed defect (fixed)

password reset CCs other users

Reported by: wbstr@… Owned by: mgood
Priority: highest Component: AccountManagerPlugin
Severity: normal Keywords: haka.17
Cc: haka.17 Trac Release: 0.10

Description

I checked out trunk yesterday for 0.10dev which is running on windows.

Trac CC's the forgot password email to memers of the always_cc list, but the 'To:' recipient field is empty. Nothing is sent to the users email address.

Attachments (0)

Change History (7)

comment:1 Changed 8 years ago by anonymous

  • Trac Release changed from 0.9 to 0.10

comment:2 follow-up: Changed 8 years ago by mgood

Did the user have an email address in the settings? I guess I forgot to check for the case where their email is not set. If they haven't set an email address there's of course no way to send them an email.

Emailing the always_cc list is obviously not right either. I'll have to see if I can work around that somehow.

comment:3 in reply to: ↑ 2 ; follow-up: Changed 8 years ago by anonymous

Replying to mgood:

Did the user have an email address in the settings? I guess I forgot to check for the case where their email is not set. If they haven't set an email address there's of course no way to send them an email.

Emailing the always_cc list is obviously not right either. I'll have to see if I can work around that somehow.

Yes they had an email address. 'Forgot password' complains if the sendto email address and the users email address are different.

After some fiddling around it appears that unlike 0.9.6, 0.10dev BCC's everything. So what I thought was no email being sent (because the TO header was empty) was actually a bcc'd email being sent. I suppose this would count as a 'worksforme'

I'm not sure why the To field was empty when I had an address in always_cc, but thats a separate issue.

comment:4 in reply to: ↑ 3 Changed 8 years ago by mgood

Replying to anonymous:

'Forgot password' complains if the sendto email address and the users email address are different.

I'm not sure I understand this statement. By "sendto" address are you referring to the email field the user is asked to fill in when resetting their password? This is an intentional check so that a random person can't start resetting the passwords of users without at least knowing the email address matching the account name.

So, I guess the remaining issue here is that no one else should be CCed with the users new password when it's reset.

comment:5 Changed 8 years ago by mgood

  • Priority changed from normal to highest
  • Status changed from new to assigned
  • Summary changed from Forgot Password doesn't send email to user to password reset CCs other users

comment:6 Changed 8 years ago by mgood

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [1109]) make sure not to CC other users when sending a password reset email (fixes #580)

comment:7 Changed 7 years ago by rvdlbe@…

  • Cc haka.17 added
  • Keywords haka.17 added

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.