mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-22 14:52:41 +01:00
More completely explain why we're refusing to send reset mail to an unverified address
Summary: See PHI78. The user was getting this message and (reasonably) interpreted it to mean "reset mail can never be sent to unverified addresses". Reword it to be more clear, albeit an entire paragraph long. I don't really have a good solution in these cases where we'd need a whole page to explain what's happening (this, plus "we can't tell you which address you should use because an attacker could get information if we did" and "this rule defuses the risk that an opportunistic attacker may try to compromise your account after you add an email you don't own by mistake"). We could write it up separately and link to it, but I feel like that stuff tends to get out of date. Just land somewhere in the middle. Test Plan: {F5189105} Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D18630
This commit is contained in:
parent
03e5d69817
commit
3fbad684c1
1 changed files with 5 additions and 2 deletions
|
@ -71,8 +71,11 @@ final class PhabricatorEmailLoginController
|
|||
$target_email->getUserPHID());
|
||||
if ($verified_addresses) {
|
||||
$errors[] = pht(
|
||||
'That email address is not verified. You can only send '.
|
||||
'password reset links to a verified address.');
|
||||
'That email address is not verified, but the account it is '.
|
||||
'connected to has at least one other verified address. When an '.
|
||||
'account has at least one verified address, you can only send '.
|
||||
'password reset links to one of the verified addresses. Try '.
|
||||
'a verified address instead.');
|
||||
$e_email = pht('Unverified');
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue