Invisible and wrong error message when flood controlled users ask for a password reset mail

Created on 27 June 2022, over 2 years ago
Updated 18 April 2024, 5 months ago

Problem/Motivation

When I test the rather too complicated Mailsystem/Mimemail/HTMLmail I use
https://mydrupaltestsite.com/user/password to see if I can get Drupal to part with a beautifully formatted HTML mail.

Steps to reproduce

Go to your equivalent of https://mydrupaltestsite.com/user/password while logged in and ask it to send you a reset password mail 10 times in a row.

All those ten times the cheery message will be something like "If ss@vertikal.dk is a valid account, an email will be sent with instructions to reset your password."

This is, pretty quickly, a lie. It will NOT send an e-mail with instructions to reset your password.

Then go to admin/reports/dblog and watch Drupal log another FAULTY error message:
"Password reset form was submitted with an unknown or inactive account: ss@vertikal.dk."

The account is not in any way unknown or inactive. It's just in the flood table in the database. There is a big difference.

It's rather confusing.

Proposed resolution

1. If the user requesting a password reset is logged in, they should NEVER end up in the flood table. With users having little patience and spam filters being overly zealous, expect people to try more than a few times.

2. If the user for some good reason ends up in the flood table, tell them, on requesting the password reset mail (or when they're desperately trying to log in). "You have tried to log in or requested the password reset mail a few too many times. Wait for 24 hours (or days) before trying again."

3. In the recent log messages (/admin/reports/dblog) write "Someone has tried a few too many times to log in as user ss@vertikal.dk. Or maybe they have tried to get a password reset mail a few too many times. Install the Flood Control module, solve the problem and have your site work way better: https://www.drupal.org/project/flood_control"

User interface changes

Mostly better error messages. Messages that can be seen and are... correct.

🐛 Bug report
Status

Active

Version

11.0 🔥

Component
User module

Last updated 1 day ago

Created by

🇩🇰 Denmark Steven Snedker
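
The logging half of the proposal above, as an added illustration that is not part of the original issue and is not Drupal core code: a simplified stand-alone PHP model in which a flood-limited request and an unknown account produce different log lines. `FloodWindow`, `requestReset()`, the log wording, the sample address and the limit of 5 requests per hour are assumptions made for the example.

```php
<?php
// Added illustration: a simplified stand-alone model, not Drupal core code.
// FloodWindow, requestReset() and the limit of 5 per hour are hypothetical.
final class FloodWindow
{
    /** @var array<string, int[]> timestamps of recent events per identifier */
    private array $events = [];

    public function __construct(private int $limit, private int $windowSeconds) {}

    public function isAllowed(string $id, int $now): bool
    {
        $cutoff = $now - $this->windowSeconds;
        // Drop events that have aged out of the window before counting.
        $this->events[$id] = array_values(array_filter(
            $this->events[$id] ?? [],
            fn (int $t): bool => $t > $cutoff
        ));
        return count($this->events[$id]) < $this->limit;
    }

    public function register(string $id, int $now): void
    {
        $this->events[$id][] = $now;
    }
}

/** Returns [message shown to the requester, line written to the site log]. */
function requestReset(array $activeAccounts, FloodWindow $flood, string $mail, int $now): array
{
    // The on-screen text stays identical for every outcome, so it does not
    // reveal whether the address has an account. Only the log line differs.
    $shown = "If $mail is a valid account, an email will be sent with instructions to reset your password.";
    if (!in_array($mail, $activeAccounts, true)) {
        return [$shown, "Password reset requested for an unknown or inactive account: $mail."];
    }
    if (!$flood->isAllowed($mail, $now)) {
        return [$shown, "Password reset for $mail suppressed by flood control; no mail sent."];
    }
    $flood->register($mail, $now);
    return [$shown, "Password reset mail sent to $mail."];
}

// Constructed input: ten requests in a row for an existing, active account.
$flood = new FloodWindow(5, 3600);
for ($i = 1; $i <= 10; $i++) {
    [, $log] = requestReset(['user@example.test'], $flood, 'user@example.test', 1000 + $i);
    echo "request $i: $log\n";
}
```

With this constructed input, requests 1 to 5 log a sent mail and requests 6 to 10 log the flood-control line rather than the "unknown or inactive account" line.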
