[keycloak-dev] A disabled user receives a confusing info message, if he tries to reset his password

Stian Thorgersen stian at redhat.com
Mon Jan 12 04:45:49 EST 2015


This is intentional. If we provide specific error messages on reset password it can be used to find out whether or not a username/email is valid. Same applies to login, instead of saying invalid username it just says invalid username or password.

As an improvement we could extend the message to say if you haven't received a message within a certain time, then retry or contact an admin/support.

----- Original Message -----
> From: "Michael Gerber" <gerbermichi at me.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 9 January, 2015 4:01:49 PM
> Subject: [keycloak-dev]  A disabled user receives a confusing info message, if he tries to reset his password
> 
> A disabled user receives the following info message, if he tries to reset his
> password:
> You should receive an email shortly with further instructions.
> 
> This is a bit confusing. A message like that would be nicer:
> Failed to send email, please contact the administrator.
> 
> I will create a PR if that is ok with you?
> 


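The reasoning in the reply above, as an added example that is not part of the original thread and is not Keycloak code: a reset handler with state-specific messages next to one that always returns the same text and records the real outcome in a server-side log. The class, the method names, the sample accounts and the "Unknown user." message are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Added illustration; class, method and account names are hypothetical, not Keycloak code.
public class ResetPasswordDemo {
    enum State { ACTIVE, DISABLED }

    // Constructed sample directory: username -> account state.
    static final Map<String, State> USERS =
            Map.of("alice", State.ACTIVE, "bob", State.DISABLED);

    static final String GENERIC =
            "You should receive an email shortly with further instructions.";

    // Stand-ins for the mail sender and the server-side audit log.
    static final List<String> outbox = new ArrayList<>();
    static final List<String> audit = new ArrayList<>();

    // Enumerable variant: the response text depends on the account state,
    // so a caller can tell unknown, disabled and active accounts apart.
    static String resetSpecific(String username) {
        State s = USERS.get(username);
        if (s == null) return "Unknown user."; // constructed message
        if (s == State.DISABLED) return "Failed to send email, please contact the administrator.";
        outbox.add(username);
        return GENERIC;
    }

    // Uniform variant: same response for every input; the real outcome
    // goes to the audit log, which only administrators can read.
    static String resetUniform(String username) {
        State s = USERS.get(username);
        if (s == State.ACTIVE) {
            outbox.add(username);
            audit.add("reset mail sent: " + username);
        } else {
            audit.add("reset skipped (" + (s == null ? "unknown" : "disabled") + "): " + username);
        }
        return GENERIC;
    }

    public static void main(String[] args) {
        for (String u : List.of("alice", "bob", "mallory")) {
            System.out.printf("%-8s specific: %-58s uniform: %s%n",
                    u, resetSpecific(u), resetUniform(u));
        }
        System.out.println("audit log: " + audit);
    }
}
```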