How to check before sending password reset if user exists

Hi All,

Just want to check before somebody asks for a password reset if that user already exists. If the email exists no problem. But when it not exists a pop up must appear saying “no such user” or something like that. The appearing of the popup is no problem. I left that one out.

image

Tried to keep it simple by setting up an error handeling in the workflow using the error codes in settings/languages. But it will not fire.

image

I try to keep it very simple. Does anyone have an idea?

Thanks in advance.

Hey @Dirk-Ummy :wave:

I think Bubble used to do this but because of the security risk, it no longer does.

Maybe you can just add a notification at the end of the pressing of the button that says something like “If this email is attached to an account, a link will be sent to this email. Go check your email now.” Or something like this. Most sites have those sort of notifications.

The reason it’s a security risk is because someone can just keep typing in email addresses to see which one would work, then they would know that it has an account. Then they could try a brute force attack to get in.

Also, by doing a check on the front end, you would have to expose privacy rules to hackers which they could potentially grab all the emails from your database as well.

Hope that makes sense. :blush:

Hi @J805,

I did that. The text is there “in Dutch”. I wanted to make it bit more user friendly. The strange thing is that also when an email address is not in the user thing. The reset email is send to that email account. Tested it.

I would say that is solvable for Bubble?

Thanks for the info though .

Hmm :thinking: You can try doing it on the backend workflow. Then you won’t have to expose privacy settings. Then you can check if the user exists without letting them know what the result was. Maybe that will help?

1 Like

This topic was automatically closed after 70 days. New replies are no longer allowed.