[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#556979: Acknowledgement (wiki.debian.org: cannot login)

Frank Lin PIAT wrote:

Hello,

You seems to have two problem. Can you clarify which one this bug is
supposed to be about (one bug per issue).


No, its only one. I thought it was one, but then realized it was another.



On Wed, 2009-11-18 at 17:52 -0300, Felipe Sateler wrote:

retitle 556979 Does not verify username when resetting password
[..]
Actually, the username was wrong, and that's why it didn't let me login.


It is very common for authentication systems to report "authentification
failed" rather than "invalid account", to avoid user account
enumeration.


Yes. This is correct behavior.




However, it is wrong that it did let me change my password.


This behavior is be design: Moinmoin send your password when you request
it.  If you want to change your password, log into the wiki, then click
on settings, then Change password (!).


Actually, it sends a token which I use to change my password.
But I need to supply my username and e-mail address for that. And even though I provided the wrong username, it sent me an e-mail. 

I hope it is clearer now.


--
Saludos,
Felipe Sateler
Reply to: