Last modified: 2014-02-12 23:35:40 UTC
1. Go to the Wikipedia password recovery form

A) User only
Enter "kiu" and request password
Result: "Mail has been sent", but actually it isn't

B) Mail only
Enter "kiu@gmx.net" and request password
Result: "Mail has been sent", but actually it isn't

C) Both
Enter "kiu" and "kiu@gmx.net" and request password
Result: "This account doesn't have an email address assigned", may be true
Kiu, since this doesn't seem to be a security issue with the password reset function itself, I'd like to make it public so other people can help you out, but your name and email would then be public as well? Is that ok? Otherwise I'll close this bug and reopen a new bug that mentions the problem without your actual username and email. In the meantime, I'm not able to duplicate, and that message "This account doesn't have an email address assigned" doesn't seem to exist. Could you post the actual text that you're seeing? (I'm assuming in German, since your other bug was about de.wikipedia.org)
Sure, you can make this public. The message seems only to come on de.wp.com: Benutzer „Kiu“ hat keine E-Mail-Adresse angegeben. The English Wikipedia told me that a password was sent (not true).
So it's triggering the 'noemail' message on SpecialPasswordReset.php line 216. I'm not sure why it would do that if you have an email address also filled out, instead of just a username.
@Chris It actually means that the account I am trying to recover has no email associated to it. The error message is correct. The question is why is en.wp.com not showing it? Why are the other cases saying that an email was sent...
Case B is intentional. When using only an email address, the reset form will always tell you the email was sent. Otherwise, somebody could use the reset form to iterate through email addresses and see if an account is registered for it. I'm not sure why case A is happening, though.
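The uniform-response behaviour described in the comment above, as an added example that is not part of the original thread and is not MediaWiki code: a reset handler that returns the same message whether or not anything matched, plus a check that flags any response difference an enumerator could use. The class, function names, message text and accounts are all constructed for illustration.

```python
# Added illustration; not MediaWiki code. Names and accounts are constructed.
from dataclasses import dataclass, field

GENERIC = "If an account matches, a password reset e-mail has been sent."

@dataclass
class ResetService:
    accounts: dict                               # username -> e-mail address or None
    outbox: list = field(default_factory=list)   # stands in for the mail queue

    def _send(self, username):
        address = self.accounts.get(username)
        if address:                              # mail only if an address is on file
            self.outbox.append((address, username))

    def request_reset(self, username="", email=""):
        """Return the message shown to the requester."""
        if username:
            matches = [username] if username in self.accounts else []
            if email:    # both fields: the e-mail must belong to the named account
                matches = [u for u in matches if self.accounts[u] == email]
        elif email:
            matches = [u for u, a in self.accounts.items() if a == email]
        else:
            return "Enter a username or an e-mail address."
        for u in matches:
            self._send(u)
        return GENERIC       # identical text whether or not anything matched

def enumeration_oracle(service, probes):
    """True if the probes produce distinguishable responses."""
    return len({service.request_reset(**p) for p in probes}) > 1

if __name__ == "__main__":
    svc = ResetService({"alice": "alice@example.org", "bob": None})
    probes = [
        {"email": "alice@example.org"},          # registered address
        {"email": "nobody@example.org"},         # unregistered address
        {"username": "bob"},                     # account without an address
        {"username": "bob", "email": "bob@example.org"},
    ]
    print("oracle present:", enumeration_oracle(svc, probes))
    print("mail actually queued:", svc.outbox)
```

With a uniform message, "mail has been sent" on screen says nothing about whether mail was queued, so delivery has to be confirmed from the mail queue or server logs rather than from the form.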
Seems like there is the same bug in the Russian part of the wiki. I've tried to reset my password several times and found that if you fill both fields, "name" and "e-mail address", no e-mail is sent. But if you fill only one field - everything is alright.