kallithea Changeset - 1e079752b756

Changeset - 1e079752b756

Parent rev.

Child rev.

[Not reviewed]

stable

0 1 0

Andrew Shadura - 11 years ago 2015-05-16 16:37:17
andrew@shadura.me

privacy: on password reset, don't tell strangers if email is valid or not

Password reset form might be used to check if users with specific email
addresses have accounts in the system by requesting their password to be
reset. It's probably not a good idea to give this sort of information to
complete strangers.

1 file changed with 1 insertions and 1 deletions:

kallithea/model/forms.py

0 comments (0 inline, 0 general)

kallithea/model/forms.py

➞

Show inline comments

@@ @@ -193,25 +193,25 @@ def RegisterForm(edit=False, old_data={} @@
         lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
         email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
         chained_validators = [v.ValidPasswordsMatch()]
     return _RegisterForm
 def PasswordResetForm():
     class _PasswordResetForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
-        email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
         email = v.Email(not_empty=True)
     return _PasswordResetForm
 def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
              repo_groups=[], landing_revs=[]):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = All(v.CanWriteGroup(old_data),
                          v.OneOf(repo_groups, hideList=True))

0 comments (0 inline, 0 general)