userman
userman copied to clipboard
rejectedsoftware
Registered E-Mails can be checked
https://github.com/rejectedsoftware/userman/blob/47bc91558882a2fa3c2cf7d724a4bceb29c7c163/source/userman/web.d#L393
it says here the it's supposed to ignore errors but if you access /reset_password?email=somemail&code=invalid_code and attempt to change the password the error is different between
There is no user account for the specified email address.
and
Error: Invalid request code, please request a new one.
It should always only show the second one.
Probably low priority but the comment there that it shouldn't be able to be determined, I think you might still be able to find out because the throw/catch takes more time so you will see a ms or more more on average, it should simulate some micro sleep.
