By: harmanjeet singh user 27 Apr 2018 at 1:59 a.m. CDT

6 Responses
From the login screen, when we click on forgot password, it redirects to the page "passwordReminder.xhtml", where the user can enter an email address and submit. On submission the user will receive a reset password link. But no validation is done on the email, that is, whether the entered email is registered with Gluu Server (LDAP) or not, and also whether this email ID exists or not. The same applies in the case of registration.

By Mohib Zico staff 27 Apr 2018 at 3:43 a.m. CDT

That shouldn't be the issue; it should have checked. Thomas, can you check?

By harmanjeet singh user 27 Apr 2018 at 4:24 a.m. CDT

How can we check, in the case of forgot password, when the user enters an email address to get the reset link?

By Mohib Zico staff 27 Apr 2018 at 4:58 a.m. CDT

> How can we check, in the case of forgot password, when the user enters an email address to get the reset link?

Sorry, I think I couldn't understand your question.

By Thomas Gasmyr Mougang staff 27 Apr 2018 at 5:52 a.m. CDT

Hi **singh**,

Thank you for reporting that problem. We were able to reproduce it, and [this](https://github.com/GluuFederation/oxTrust/issues/975) GitHub issue should fix it.

Thanks, Gasmyr.

By harmanjeet singh user 27 Apr 2018 at 6:56 a.m. CDT

Hello Mohib Zico,

> Sorry, I think I couldn't understand your question.

From the login screen, when we click on forgot password, it redirects to the page "passwordReminder.xhtml", where the user can enter an email address and submit. On submission the user will receive a reset password link. How can we validate the email entered by the user at that time?

By Thomas Gasmyr Mougang staff 28 Apr 2018 at 5:24 a.m. CDT

Hi,

You should check that the email is present in LDAP before. You can add your custom logic.

Thanks, Gasmyr.
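
The check suggested in the last reply, sketched as an added example; it is not oxTrust code and not part of the original thread. The in-memory `DIRECTORY`, the function names and the response text are assumptions made for illustration, and a real deployment would send the filter built here to its LDAP server.

```python
import re

# Constructed sample entries standing in for the LDAP people branch (assumption).
DIRECTORY = [
    {"uid": "alice", "mail": "alice@example.org"},
    {"uid": "bob", "mail": "Bob@Example.org"},
]

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
GENERIC_MESSAGE = "If the address is registered, a reset link has been sent."


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_mail_filter(email):
    """Filter a real lookup would send; user input is escaped, never concatenated raw."""
    return "(mail=%s)" % escape_filter_value(email)


def find_by_mail(email):
    """Hypothetical lookup: case-insensitive match on mail, as LDAP does for this attribute."""
    wanted = email.lower()
    return [entry for entry in DIRECTORY if entry["mail"].lower() == wanted]


def handle_reset_request(submitted):
    """Return (address_to_mail_or_None, message_shown_to_user).

    A link is sent only when the address is well formed and matches exactly
    one directory entry. The message is identical in every case, so the form
    does not disclose which addresses are registered.
    """
    email = submitted.strip()
    if not EMAIL_RE.match(email):
        return None, GENERIC_MESSAGE
    matches = find_by_mail(email)
    if len(matches) != 1:
        return None, GENERIC_MESSAGE
    # Mail to the address stored in the directory, not to the submitted string.
    return matches[0]["mail"], GENERIC_MESSAGE


if __name__ == "__main__":
    for candidate in ("alice@example.org", "nobody@example.org", "*"):
        print(candidate, "->", handle_reset_request(candidate)[0])
```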