thelia
Forgot Password Workflow
I find the current workflow that handles the password forgotten functionality for customers a bit troubling.
Usually, when resetting a forgotten password, a link is sent to a user, which allows him/her to choose a new password. The way Thelia is handling it is quite different. Even though the text already says "You will receive a link to reset your password.", that's not what's happening. The current password is instantly replaced with a newly generated one, and this password is then sent via mail to the user.
While I don't think this is a security issue, I can think of some scenarios where it really is annoying. Is there a special reason why it's handled this way?
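
The link-based flow described in the issue above, as an added example that is not Thelia's code and not part of the original post: requesting a reset only stores a hashed, expiring token, and the current password stays valid until that token is redeemed. The `Accounts` class, `TOKEN_TTL`, the PBKDF2 parameters and the in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

TOKEN_TTL = 3600  # assumed link lifetime in seconds


def hash_password(password, salt=None):
    """Salted PBKDF2 hash; the 16-byte salt is stored in front of the digest."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_password(stored, password):
    return hmac.compare_digest(stored, hash_password(password, stored[:16]))


class Accounts:
    """In-memory stand-in for a customer table plus a reset-token table."""

    def __init__(self):
        self.passwords = {}  # email -> salted password hash
        self.resets = {}     # email -> (sha256 of token, expiry timestamp)

    def request_reset(self, email, now=None):
        """Return the token to embed in the mailed link; the password is untouched."""
        now = time.time() if now is None else now
        if email not in self.passwords:
            return None  # caller shows the same message either way
        token = secrets.token_urlsafe(32)
        # Only a hash of the token is kept, so the stored value cannot be replayed.
        self.resets[email] = (hashlib.sha256(token.encode()).digest(), now + TOKEN_TTL)
        return token

    def redeem_reset(self, email, token, new_password, now=None):
        """Set the customer's chosen password if the token is valid and unexpired."""
        now = time.time() if now is None else now
        entry = self.resets.get(email)
        if entry is None:
            return False
        token_hash, expires = entry
        presented = hashlib.sha256(token.encode()).digest()
        if now > expires or not hmac.compare_digest(token_hash, presented):
            return False
        del self.resets[email]  # single use: a second click on the link fails
        self.passwords[email] = hash_password(new_password)
        return True
```
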