#580 closed defect (fixed)
password reset CCs other users
| Reported by: | Owned by: | Matt Good | |
|---|---|---|---|
| Priority: | highest | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | haka.17 |
| Cc: | haka.17 | Trac Release: | 0.10 |
Description
I checked out trunk yesterday for 0.10dev which is running on windows.
Trac CC's the forgot password email to memers of the always_cc list, but the 'To:' recipient field is empty. Nothing is sent to the users email address.
Attachments (0)
Change History (7)
comment:1 Changed 18 years ago by
| Trac Release: | 0.9 → 0.10 |
|---|
comment:2 follow-up: 3 Changed 18 years ago by
comment:3 follow-up: 4 Changed 18 years ago by
Replying to mgood:
Did the user have an email address in the settings? I guess I forgot to check for the case where their email is not set. If they haven't set an email address there's of course no way to send them an email.
Emailing the
always_cclist is obviously not right either. I'll have to see if I can work around that somehow.
Yes they had an email address. 'Forgot password' complains if the sendto email address and the users email address are different.
After some fiddling around it appears that unlike 0.9.6, 0.10dev BCC's everything. So what I thought was no email being sent (because the TO header was empty) was actually a bcc'd email being sent. I suppose this would count as a 'worksforme'
I'm not sure why the To field was empty when I had an address in always_cc, but thats a separate issue.
comment:4 Changed 18 years ago by
Replying to anonymous:
'Forgot password' complains if the sendto email address and the users email address are different.
I'm not sure I understand this statement. By "sendto" address are you referring to the email field the user is asked to fill in when resetting their password? This is an intentional check so that a random person can't start resetting the passwords of users without at least knowing the email address matching the account name.
So, I guess the remaining issue here is that no one else should be CCed with the users new password when it's reset.
comment:5 Changed 18 years ago by
| Priority: | normal → highest |
|---|---|
| Status: | new → assigned |
| Summary: | Forgot Password doesn't send email to user → password reset CCs other users |
comment:6 Changed 18 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:7 Changed 17 years ago by
| Cc: | haka.17 added; anonymous removed |
|---|---|
| Keywords: | haka.17 added |
Did the user have an email address in the settings? I guess I forgot to check for the case where their email is not set. If they haven't set an email address there's of course no way to send them an email.
Emailing the
always_cclist is obviously not right either. I'll have to see if I can work around that somehow.