# HG changeset patch
# User Andrew Shadura
# Date 2015-05-16 16:37:17
# Node ID 1e079752b7560df25d5568350f40b0543acd2403
# Parent 3e1afbd6055f34307026ff6f7551d7c04c83c0c9
privacy: on password reset, don't tell strangers if email is valid or not

Password reset form might be used to check if users with specific email addresses have accounts in the system by requesting their password to be reset. It's probably not a good idea to give this sort of information to complete strangers.

diff --git a/kallithea/model/forms.py b/kallithea/model/forms.py
--- a/kallithea/model/forms.py
+++ b/kallithea/model/forms.py
@@ -202,7 +202,7 @@ def PasswordResetForm():
 class _PasswordResetForm(formencode.Schema):
 allow_extra_fields = True
 filter_extra_fields = True
- email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
+ email = v.Email(not_empty=True)
 return _PasswordResetForm
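Review bot: The new `email = v.Email(not_empty=True)` line has no comment saying that the account-existence check was left out on purpose, so a later cleanup could restore `v.ValidSystemEmail()` and bring back account enumeration. I would add `# Deliberately no v.ValidSystemEmail(): the form must not reveal whether an account exists for this address.` above it. The commit touches only the form schema, and `PasswordResetForm` starts outside the hunk, so the code that consumes the validated address is not visible here. That code presumably relied on the validator to guarantee a matching user. It now has to treat an unknown address as a normal case and give the same message, status and redirect as for a known one, otherwise the difference the commit removes from the form is still observable one step later. A test that submits a registered and an unregistered address and asserts identical responses would pin this.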