[PATCH 0/5] login: add link to password reset, refurbished
Bernhard Reutner-Fischer
rep.dot.nop at gmail.com
Wed Nov 11 18:44:34 AEDT 2015
On November 11, 2015 5:24:36 AM GMT+01:00, "Finucane, Stephen" <stephen.finucane at intel.com> wrote:
>> On 17 October 2015 at 00:57, Finucane, Stephen
><stephen.finucane at intel.com>
>> wrote:
>> > On Wed, Mar 11, 2015 at 10:39:35PM +0100, Bernhard Reutner-Fischer
>> > wrote:
>> One thing that i wonder is if the patchwork_emailconfirmation is
>> supposed to be able to hold duplicate user_id/email entries like it
>> currently does. I do not think this makes sense and should IMHO be
>> forbidden unless it serves a purpose i cannot see?
>> Note that the html-ui does not display duplicate entries although
>they
>> can be entered in the html-ui and do end up in the database. I
>wouldn't
>> allow that.
>
>If I understand you correctly (and I'm not sure if I do...), you're
>saying
>there is no check done to ensure a user signing up does not use a
>username
>or email that has already been taken? If so, that's a big issue and
>needs
>to be fixed.
No, I mean the notification email addresses, you can enter dups and use the address of another user-account there (results in a conformation mail being sent).
See?
More information about the Patchwork
mailing list