-
Committer:
Ubuntu One Auto Copilot
-
Author(s):
Jonathan Hartley
-
Date:
2020-01-10 15:54:09 UTC
-
mfrom:
(1703.1.16 canonical-identity-provider)
-
Revision ID:
otto-copilot@canonical.com-20200110155409-welapuby9flg5y0w
Restore users ability to send password reset email to new addresses.
A branch was merged before Christmas to fix a security hole in the
password reset process. In that branch, out of an abundance of
caution, we also prevented password reset emails from being sent
to 'new' email addresses.
https://code.launchpad.net/~tartley/canonical-identity-provider/password-reset/+merge/376991
On reflection, the latter part was more cautious than required.
This MP restores the ability for the password reset email logic
to fall back to using an account's 'new' email address if no
preferred or validated email addresses exist.
Merged from https://code.launchpad.net/~tartley/canonical-identity-provider/allow-new-emails/+merge/377333