AccountManager doesn't verify email when resetting password
|Reported by:||sagar.behere@…||Owned by:||pacopablo|
I am using the account manager plugin with SvnServePasswordStore and the passwords coming from a svnserve passwd file.
I have a user called 'test' with email sagar@…. When I click on Forgot password and enter username test and email wrongemail@… and click ok, i get a message saying "Your new password has been emailed to you at wrongemail@…" Then, when I check the svnserve passwd file, I find that the password for user test has been reset to a random hexadecimal like value.
The reset password feature should have refused to work and stated something like "wrongemail@… is not the email associated with username test and the email will NOT be sent."
System: Ubuntu Lucid, trac 0.12b1, I installed account manager from the trunk on 31st May 2010
Change History (7)
comment:6 in reply to: ↑ 5 Changed 3 years ago by hasienda
- Resolution set to fixed
- Status changed from new to closed