user register with duplicate email, you can add a specific message #658
Comments
My thoughts: This would confirm to a potential hacker that the email address does exist, which is generally frowned upon. https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Authentication_and_Error_Messages Maybe it's possible to provide a token that can be overridden if this is the desired behaviour?
I think usability comes first.
This is perhaps an opportunity to get the best of both: a configurable setting that controls the verbosity of feedback messages would be a really nice feature. The tokenized strings containing the sort of feedback you are looking for are already in the exceptions thrown by the validate method of RegisterBehaviour.
In an ideal world I would agree, usability is king :) but where I work, though, my head would be on a stick for suggesting that :)
Hi,
If you try to make a registration with an email already used, you receive the generic message (the user could not be saved).
Is it possible to add a specific message for this exception?
Ex: this email is already associated with another user.
Thanks a lot
D.
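
The configurable-verbosity idea raised in the comments, sketched as an added example that is not part of the thread or the plugin's code. `Registrar`, `DuplicateEmailException`, `verboseErrors` and both message strings are hypothetical names chosen for illustration; the quiet mode assumes the application can notify the existing account owner by email instead of telling the requester.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the exception the registration validation throws.
final class DuplicateEmailException extends RuntimeException {}

// Hypothetical in-memory registrar (requires PHP 8.0+); not the plugin's code.
final class Registrar
{
    public const NEUTRAL = 'If this address can be registered, a confirmation email is on its way.';
    public const SPECIFIC = 'This email is already associated with another user.';

    /** @var array<string, bool> normalized email => registered */
    private array $users = [];
    /** @var string[] addresses whose existing owner should be notified by email */
    public array $ownerNotices = [];

    // $verboseErrors is the assumed configuration switch discussed in the thread.
    public function __construct(private bool $verboseErrors = false) {}

    public function register(string $email): string
    {
        $key = strtolower(trim($email));
        try {
            if (isset($this->users[$key])) {
                throw new DuplicateEmailException('duplicate email');
            }
            $this->users[$key] = true;
        } catch (DuplicateEmailException $e) {
            if ($this->verboseErrors) {
                // Usability-first mode: the response confirms the address exists.
                return self::SPECIFIC;
            }
            // Quiet mode: inform the real owner out of band, keep the response identical.
            $this->ownerNotices[] = $key;
        }
        return self::NEUTRAL;
    }
}

// Constructed sample input: register once, then repeat with the same address.
$quiet = new Registrar();
$loud = new Registrar(verboseErrors: true);
foreach ([$quiet, $loud] as $registrar) {
    $registrar->register('d@example.test');
}
// Duplicate in quiet mode: same text as a successful registration.
var_dump($quiet->register('D@example.test') === Registrar::NEUTRAL);
// Duplicate in verbose mode: the specific message requested in the issue.
var_dump($loud->register('d@example.test') === Registrar::SPECIFIC);
```

In quiet mode the response to the requester is the same whether or not the address is already registered; the duplicate is recorded only in `ownerNotices`, for delivery to the mailbox owner.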