Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-2457

"Forgot Password/Username" form doesn't validate the inputed variable

    XMLWordPrintable

Details

    Description

      Summary of The Bug

      Crowd "Forgot Password" and "Forgot Username" form does not checked the validity of the user name. When user enter the wrong username/e-mail which is not existed on the database, the expected message are "Sorry, username/e-mail is not exist on the system", however Crowd throw the same message as existed username.

      Username message

      Password message

      Crowd log (atlassian-crowd.log) recognize that the user is not exist means that Crowd do check if the user existed or not.

      2011-05-16 15:14:26,255 http-8095-2 INFO [crowd.manager.login.ForgottenLoginManagerImpl] No usernames found for email address: nothing

      Steps to reproduce

      1. Access Crowd console
      2. Click the "Can't access your account" button
      3. Choose either option
      4. Enter a non-existing username/e-mail

      Attachments

        1. password(2.2.4).png
          password(2.2.4).png
          7 kB
        2. username(2.2.4).png
          username(2.2.4).png
          4 kB

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CWD-3484 Password reset messages are misleading and not conditional (UX issues)

          • Low - Low priority issues
          • Closed

          Suggestion - JRASERVER-44685 Password reset messages are misleading

          • Gathering Interest

          Activity

            People

              Unassigned Unassigned
              scahyadiputra Septa Cahyadiputra (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: