[keycloak-dev] Re: A disabled user receives a confusing info message, if he tries to reset his password

Michael Gerber gerbermichi at me.com
Mon Jan 12 05:20:02 EST 2015


Thank you, that sounds logical.

I just wondered, because you have a different error message for disabled users on the login screen.
"Account is disabled, contact admin"

Best
Michael

Am 12. Januar 2015 um 10:45 schrieb Stian Thorgersen <stian at redhat.com>:

This is intentional. If we provide specific error messages on reset password it can be used to find out whether or not a username/email is valid. Same applies to login, instead of saying invalid username it just says invalid username or password.

As an improvement we could extend the message to say if you haven't received a message within a certain time, then retry or contact an admin/support.

----- Original Message -----
From: "Michael Gerber" <gerbermichi at me.com>
To: keycloak-dev at lists.jboss.org
Sent: Friday, 9 January, 2015 4:01:49 PM
Subject: [keycloak-dev] A disabled user receives a confusing info message, if he tries to reset his password
A disabled user receives the following info message, if he tries to reset his
password:
You should receive an email shortly with further instructions.
This is a bit confusing. A message like that would be nicer:
Failed to send email, please contact the administrator.
I will create a PR if that is ok with you?
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150112/a2ba4cb6/attachment.html 


More information about the keycloak-dev mailing list