FOSUserBundle icon indicating copy to clipboard operation
FOSUserBundle copied to clipboard

Published 20 hours ago verified publisher icon FriendsOfSymfony

Reset password only by username or email (but not both)

Open LouTerrailloune opened this issue 11 years ago • 4 comments
trafficstars

I removed the uniqueness of the email in my database (many user can register with same email), but user can request a reset by email. Only the first user with that email receive the email (and worse, the user that receive the email is not the one who asked for the reset).

Do you think it's a good idea to include a feature in the bundle to allow reset only by email or username, or do you think it's too specific and this should be handled by overrides ?

LouTerrailloune avatar Oct 17 '14 16:10 LouTerrailloune

I think, that it is really bad to remove uniqueness of email.

Please don't do it. It is not good.

davidwiniarz avatar Oct 18 '14 13:10 davidwiniarz

I know it's not good, but that's not the point.

The point it to enable users to reset their password only with the username or only with the email. Is it a feature to include in the bundle or not.

LouTerrailloune avatar Oct 19 '14 20:10 LouTerrailloune

You could write an event listener that checks if the user provided a valid username OR email for the reset request. The FOSUserBundle triggers a lot of events, as seen here: FOSUserEvents.php

schemar avatar Oct 27 '14 16:10 schemar

I had to remove the uniqueness of the email too. (Email are provided by some client API and they are not unique...)

It would be nice to allow reset only by username.

VincentLanglet avatar Jul 11 '19 09:07 VincentLanglet