Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-4779

Users should be alerted that the password reset token is invalid after a failed password reset attempt.

    XMLWordPrintable

    Details

    • Support reference count:
      2
    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

      Problem Definition

      If the Crowd directory is configured to disallow repeated/old passwords on password change, the reset attempt will be rejected if the user attempts to input a repeated/old password.

      The problem is that after the user attempts to key in a new password afterward the rejected attempt, it will display an error message saying that the password token is now invalid and the user will be required to request for a new token.

      Suggested Solution

      Either one of the following:

      1. After the initial password reset attempt is rejected, the user should be notified that the password reset token is now invalid and be prompted to create a new one instead immediately.
      2. Allow the user to continue with the password reset attempt and reset their password to an accepted one.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            lsaw@atlassian.com Leon (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: