Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Account sign up issues #5

Open
starryeyez024 opened this issue Oct 13, 2023 · 6 comments
Open

Account sign up issues #5

starryeyez024 opened this issue Oct 13, 2023 · 6 comments

Comments

@starryeyez024
Copy link
Collaborator

  1. When someone tries to sign up with an email address which is already in use, it shows a non-helpful error instead of a message about just logging in with that email address
image
  1. There is no way to reset your password if you forget
@htothenan1
Copy link
Owner

  1. You don't think "Oops, something went wrong!" is helpful enough? lol I think this is one of the first things I did, so I have no idea why I was so unhelpful with those words. The only error you can have if you fill out all three fields, is if the email already exists, so I don't think there's any reason to not just change the text.

  2. Yeah, would love to hear your preferred option here, seeing that I am not requiring a real email address to sign in. Maybe we just need to require a real email, so we can have a proper forget password flow?

@starryeyez024
Copy link
Collaborator Author

Yep, i mean idk the level of effort but the ability to reset a password would be a good-to-have feature!

@htothenan1
Copy link
Owner

for sure. My thinking back then was to allow fake email registers to make it easier for anyone to kind of test it out, without putting real info.

I suppose if we wanted to have a password reset feature, we would need to have some sort of confirmation email at registration time for the user. That way, if they forget password, we could just send a reset email.

Are there other ways that you know of?

@starryeyez024
Copy link
Collaborator Author

I can see your logic, though I don't know that people have to confirm their email first in order to have a password reset later. If someone inputs a junk email and then later forgets their password, then they miss out on the chance to reset it (and they would just have to create another account).

The one fail-safe is you would want to ensure that the email address already exists as a user in your database before sending a pw reset email, just to avoid your servers being overtaken by some bot.

@htothenan1
Copy link
Owner

htothenan1 commented Oct 19, 2023
edited
Loading

that's an excellent point. We could just send the reset email, even if its not real. Wait. There is the edge case that someone uses someone elses real email... nothing to worry about?

@starryeyez024
Copy link
Collaborator Author

There is the edge case that someone uses someone elses real email... nothing to worry about?
Right! If i get a password reset email that I didn't initiate, I can either ignore it, or change my password to something more secure knowing someone is trying to hack my account. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@starryeyez024 @htothenan1