Password recovery on account creation is confusing for non-Launchpad users
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical SSO provider |
Invalid
|
High
|
Unassigned | ||
Landscape Server |
Invalid
|
High
|
Unassigned | ||
Launchpad itself |
Fix Released
|
High
|
Guilherme Salgado |
Bug Description
When an SSO user tries to create a Launchpad account, they get this message:
"The email address <email address hidden> is already registered in the Launchpad Login Service (used by the Ubuntu shop and other OpenID sites). Please use the same email and password to log into Launchpad."
If they have forgotten their password, they will naturally try the "Forgotten your password? " option, but this doesn't work for non-launchpad accounts. They'll get: "Your account details have not been found. Please check your subscription email address and try again."
Nothing tells them that they need to use login.launchpad.net to recover their password.
I think it would be ideal if they *didn't* have to go somewhere else to recover their password. I don't know the technical issues, but it doesn't *seem* insurmountable-- login.launchpad.net works for Launchpad accounts, so can't we just use login.launchpad.net (or its underlying code) for all password recovery?
If there is a legitimate need to provide two different password recovery services, then:
- We could detect when people were using Launchpad's password recovery to recover an SSO password and suggest they use login.launchpad.net
- When account creation is denied due to an existing address, we should say "If you have forgotten your password, use login.launchpad.net (not this page) to recover your password." or something similar.
Related branches
- Gary Poster (community): Approve
-
Diff: 150 lines3 files modifieddatabase/schema/security.cfg (+1/-0)
lib/canonical/launchpad/webapp/login.py (+16/-7)
lib/lp/registry/stories/foaf/xx-resetpassword-of-sso-account.txt (+83/-0)
Changed in launchpad-registry: | |
importance: | Undecided → Low |
affects: | launchpad-registry → canonical-identity-provider |
Changed in landscape: | |
importance: | Undecided → High |
tags: | added: chr |
Changed in launchpad-foundations: | |
assignee: | nobody → Guilherme Salgado (salgado) |
status: | Triaged → In Progress |
Changed in launchpad-foundations: | |
status: | Fix Committed → Fix Released |
Changed in landscape: | |
status: | New → Invalid |
I think the issue here is that the user is in an intermediate state. There is an account created by some import process, but but it is not claimed. When the user tries forget password, we should be able to identify this situation and provide a link to claim the account to activate the user's profile.