crisischeckin
"Forgot Password" > Invalid email format lands the user to the "Password reset request sent" page
Steps
- Click on Forgot Password - https://crisischeckin-d.azurewebsites.net/Account/ForgotPassword
- Enter an invalid email format (i.e. "abc@") with quotation marks
- Click on Request New Password
- The "Password reset request sent" page appears instead of an error message. - https://crisischeckin-d.azurewebsites.net/Account/PasswordResetRequested
Suggestion: Have an email format validation feature in place to confirm correct format is entered in (i.e. [email protected])
I agree with Marlene that this is on the face of it madness, but I would like @tonysurma or @BillWagner to confirm that they actually want this fixed. The reason I hesitate is that someone has gone out of their way on the AccountController Tests to implement a test method called "ForgotPassword_InvalidUserName_DoesntSendEmail_But_RedirectsTo_PasswordResetRequestedView()" - and if you read that code it very definitely asserts precisely what Marlene (and I) considers to be a bug...
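An added example, not code from the crisischeckin repository: one way to give the format error the issue asks for while keeping the behaviour the quoted test name describes, so that a well-formed address with no account still reaches the "Password reset request sent" page and the response does not show which addresses are registered. It assumes the field takes an email address; `ForgotPasswordFlow`, `LooksLikeEmail`, `Handle`, `ForgotPasswordOutcome` and the sample user store are hypothetical names and constructed data.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Mail;

public enum ForgotPasswordOutcome { ShowFormatError, ShowResetRequested }

public static class ForgotPasswordFlow
{
    // Constructed sample data standing in for the real user store (assumption).
    static readonly HashSet<string> KnownUsers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "volunteer@example.org" };

    // Purely syntactic check: the result depends only on the submitted text,
    // so reporting it tells the caller nothing about which accounts exist.
    public static bool LooksLikeEmail(string input)
    {
        if (string.IsNullOrWhiteSpace(input)) return false;
        var trimmed = input.Trim();
        try
        {
            // Reject "Display Name <a@b>" forms: the whole input must be the address.
            return new MailAddress(trimmed).Address == trimmed;
        }
        catch (FormatException) { return false; }
    }

    public static ForgotPasswordOutcome Handle(string input, Action<string> sendResetMail)
    {
        // Malformed input gets the validation error the issue asks for.
        if (!LooksLikeEmail(input)) return ForgotPasswordOutcome.ShowFormatError;

        // Well-formed input: mail is sent only for a known account, but the
        // outcome is the same either way, as the existing test name describes.
        var address = input.Trim();
        if (KnownUsers.Contains(address)) sendResetMail(address);
        return ForgotPasswordOutcome.ShowResetRequested;
    }

    public static void Main()
    {
        // Constructed inputs: the two malformed values from the report, an
        // unknown but well-formed address, and a known address.
        foreach (var input in new[] { "\"abc@\"", "abc@", "nobody@example.org", "volunteer@example.org" })
        {
            var sent = false;
            var outcome = Handle(input, _ => sent = true);
            Console.WriteLine($"{input,-24} -> {outcome}, mail sent: {sent}");
        }
    }
}
```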