AccountManager doesn't verify email when resetting password
|Reported by:||Owned by:||John Hampton|
|Cc:||Ryan J Ollos||Trac Release:||0.12|
I am using the account manager plugin with SvnServePasswordStore and the passwords coming from a svnserve passwd file.
I have a user called 'test' with email sagar@…. When I click on Forgot password and enter username test and email wrongemail@… and click ok, i get a message saying "Your new password has been emailed to you at wrongemail@…" Then, when I check the svnserve passwd file, I find that the password for user test has been reset to a random hexadecimal like value.
The reset password feature should have refused to work and stated something like "wrongemail@… is not the email associated with username test and the email will NOT be sent."
System: Ubuntu Lucid, trac 0.12b1, I installed account manager from the trunk on 31st May 2010