| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by taspeotis 877 days ago

    # Concern that overrides the Devise methods
    # to send reset password instructions to any verified user email
    module RecoverableByAnyEmail

So it was a feature??

Anyway, in the fixed version it's still called RecoverableByAnyEmail. Do people not read the code around what they are changing??

3 comments

Rapzid 877 days ago

It does say any email doesn't it? Not verified, any.

link

zx8080 877 days ago

> "RecoverableByAnyEmail"

Added 8 months ago [1]. And then one month later:

> "password_reset_any_verified_email"

Was removed. 7 months ago [2], *note* __verified__ word here.

No blaming or conspiracy intended in this post, just listing links to relevant commits.

1 - https://gitlab.com/gitlab-org/gitlab/-/commit/94069d38c9cd63...

2 - https://gitlab.com/gitlab-org/gitlab/-/commit/a935d28f3decf8...

link

BandButcher 877 days ago

haha the first thing i would've caught in the initial PR was the file name... and the default setting of `confirmed: true`... seems like a big oversight or possibly an inside job (if im being conspiratorial)

link