You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was configuring password reset in the application via reset function and noticed strange and unexpected behavior. The function itself requires to set a desired user password before confirmation. Then by the idea the user should enter the same password in pair with token and tokenId that came from the function. But at this step I noticed that user can enter any password and the last one will be valid. Shouldn't realm say the the initially desired password and the password that the user provided to resetPassword with tokens is invalid in case they are not the same?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hey everybody!
I was configuring password reset in the application via reset function and noticed strange and unexpected behavior. The function itself requires to set a desired user password before confirmation. Then by the idea the user should enter the same password in pair with
tokenandtokenIdthat came from the function. But at this step I noticed that user can enter any password and the last one will be valid. Shouldn't realm say the the initially desired password and the password that the user provided toresetPasswordwith tokens is invalid in case they are not the same?Beta Was this translation helpful? Give feedback.
All reactions