Notify blocked account user of a successful login attempt and re-activation account steps (!331) · Merge requests · beat / beat.web

Flavio TARSETTI requested to merge 551_blocked_accounts_login_attempts into master May 20, 2020

This MR targets the fact that when account is blocked (not re-validated), we do not wish to give too much information at the login process (in order not to help attackers). If the person does not notice the URL below for the account reactivation, he might get lost with the procedure.

In this case an e-mail should be sent to the user with a successful login attempt indicating his account is blocked (and a positive attempt was made) and what steps to take to re-activate his account.

Fixes #551 (closed)

Edited May 20, 2020 by Flavio TARSETTI

Notify blocked account user of a successful login attempt and re-activation account steps

Merge request reports