|
2009-01-02 20:41
|
cacert-my-details-menu.png (5,679 bytes) |
|
|
probably intended change request: change sub menu item from: Edit to: Edit/View |
|
|
pushed fix to https://github.com/INOPIAE/CAcert/commit/df7cc59564f5c7f1f954696f1d089c1ed8a14e76 |
|
|
The menu display "View/Edit" => OK |
|
|
Although the patch is legit in pointing out that with this link you can "View and Edit" the personal information but it misses the intension of the bug report. Also there is a valid point in asking for a view-only page since you don't usualy need to view your personal questions and thus if only displaying the personal details without the questions you could skip sending the mail until the user actually hit the edit page where the personal questions are shown alongside the personal information. |
|
|
proposal: handle the "Show Lost Password Details" similar to the admin console (search user, show user) with an addtl. link to show the "Lost Password Details" https://cacert1.it-sls.de/account.php?id=43&userid=xyz&showlostpw=yes may prevent sending of mails ... "someone have accessed ..." If user received assurances the name and dob fields becomes read/only by default. So the status of the View/Edit isn't that of interest. The main topic in the email sent is: "You receive this automatic mail since you yourself or someone else looked up your secret questions and answers for a forgotten password." so, moving mail trigger to the subfunction (show lost pwd detail) will prevent sending emails to often |
|
|
Test shows if you open View/Edit only the name and dob. No mail send => ok When open View secret Q&A, Mail send and data visible. =>ok =>ok |
|
|
seems to be correct |
|
|
Recovery questions are only shown when clicking the corresponding link and only then a warning is generated => PASS Mail sent to critical admins. |
|
|
The patch has been installed on the production server on August 29, 2013. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2013-08/msg00007.html |
- Anonymous
