Merge lp:~tartley/canonical-identity-provider/allow-new-emails into lp:canonical-identity-provider/release
Proposed by
Jonathan Hartley
Status: | Merged |
---|---|
Approved by: | Jonathan Hartley |
Approved revision: | no longer in the source branch. |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | lp:~tartley/canonical-identity-provider/allow-new-emails |
Merge into: | lp:canonical-identity-provider/release |
Diff against target: |
248 lines (+80/-48) 5 files modified
src/api/v20/handlers.py (+9/-11) src/api/v20/tests/test_handlers.py (+11/-18) src/identityprovider/models/account.py (+13/-9) src/identityprovider/tests/test_models_account.py (+44/-4) src/webui/tests/test_views_ui.py (+3/-6) |
To merge this branch: | bzr merge lp:~tartley/canonical-identity-provider/allow-new-emails |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Daniel Manrique (community) | Approve | ||
Maximiliano Bertacchini | Approve | ||
Review via email: mp+377333@code.launchpad.net |
Commit message
Restore users ability to send password reset email to new addresses.
A branch was merged before Christmas to fix a security hole in the
password reset process. In that branch, out of an abundance of
caution, we also prevented password reset emails from being sent
to 'new' email addresses.
https:/
On reflection, the latter part was more cautious than required.
This MP restores the ability for the password reset email logic
to fall back to using an account's 'new' email address if no
preferred or validated email addresses exist.
To post a comment you must log in.
diff comments for reviewers