[MGNLPUR-67] Password Reminder form displays ambiguous error message when a username can't be found Created: 17/May/12  Updated: 07/Nov/14  Resolved: 17/Oct/14

Status: Closed
Project: Magnolia Public User Registration
Component/s: registration
Affects Version/s: 1.4.1, 2.0
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Matt Dertinger Assignee: Robert Šiška
Resolution: Obsolete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLPUR-143 PUR PasswordProcessor has poor error ... Closed
relates to MGNLPUR-144 Password reminder could be configured... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Hi,

Currently, the Password Reminder form displays the following error message when a username can't be found:

Internal error, form could not be sent

Additionally, it logs several exceptions to the log files.

I'm thinking the error message displayed to users could be a bit friendlier, something like:

We're sorry, the username you entered could not be found. Please verify you entered it properly.

Cheers,
Matt



 Comments   
Comment by Jan Haderka [ 17/May/12 ]

Hey Matt,
thx for the report.
I totally agree that message should be more user friendly and there should be nothing in the logs. But setting the message you propose would imho invite just someone to setup a name generator and fish for valid usernames. WDYT?

Maybe that better solution is to allow ppl enter their email address instead of user name which they might not remember and always reply "Your request have been processed. If you do not receive e-mail with username and password in few minutes please check your spam filter setting and or try again. In such case please also consider that you might have registered your account with different e-mail address." ... or something along those lines.

Comment by Matt Dertinger [ 21/May/12 ]

Hi Jan,

I think using email address instead of user name is a great idea.

If we wanted to go a little further with this, what do you think about adding a password reminder via mobile phone number option that would send it via SMS?

Cheers,
Matt

Comment by Jan Haderka [ 21/May/12 ]

Excellent!
Is there free service that would do so? (deliver message worldwide)
Of would it be integration with some paid service and possible different carrier API per carrier/country?
If there is some universal solution that you know off I think it would be great to get this integrated in the product.

Comment by Matt Dertinger [ 23/May/12 ]

Hi Jan,

Regarding services to deliver the messages, we've actually done it without any. We simply ask the user to select their carrier and enter their phone number, then we use the Carrier-provided email to SMS gateway to send an email to the proper carrier address which will convert it to SMS. You can find a mapping of carriers to email addresses in the Email to Text Message Format Chart.

AFAIK, if you don't want to ask the user to select their carrier, then you'll need to subscribe (i.e. pay) for a Service API that provides the look up. One such service is smsmatrix.

HTH,
Matt

Comment by Robert Šiška [ 17/Oct/14 ]

Obsolete. Fixed by MGNLPUR-143.

Generated at Mon Feb 12 06:42:46 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.