recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

More completely explain why we're refusing to send reset mail to an unverified address

Summary:
See PHI78. The user was getting this message and (reasonably) interpreted it to mean "reset mail can never be sent to unverified addresses".

Reword it to be more clear, albeit an entire paragraph long. I don't really have a good solution in these cases where we'd need a whole page to explain what's happening (this, plus "we can't tell you which address you should use because an attacker could get information if we did" and "this rule defuses the risk that an opportunistic attacker may try to compromise your account after you add an email you don't own by mistake"). We could write it up separately and link to it, but I feel like that stuff tends to get out of date.

Just land somewhere in the middle.

Test Plan: {F5189105}

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D18630

epriestley 3fbad684 03e5d698

+5 -2
+5 -2
src/applications/auth/controller/PhabricatorEmailLoginController.php
··· 71 71 $target_email->getUserPHID()); 72 72 if ($verified_addresses) { 73 73 $errors[] = pht( 74 - 'That email address is not verified. You can only send '. 75 - 'password reset links to a verified address.'); 74 + 'That email address is not verified, but the account it is '. 75 + 'connected to has at least one other verified address. When an '. 76 + 'account has at least one verified address, you can only send '. 77 + 'password reset links to one of the verified addresses. Try '. 78 + 'a verified address instead.'); 76 79 $e_email = pht('Unverified'); 77 80 } 78 81 }