You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The log string is definitely wrong and the func parameter name could be better. The idea was that you would pass in a function that would evaluate whether or not the email could be sent. For generic emails this would check the cannotify/emailvalidated values. For any essential emails (ie password reset) the idea was that this would always return true, but your suggestion about rate limiting would make sense here. Since this class needed to be uncoupled from the CoreWiki project we cannot directly access the database for this.
Should we remove this check for consent?
https://github.com/csharpfritz/CoreWiki/blob/dev/CoreWiki.Notifications/NotificationService.cs#L89-L92
It not only doesn't stop processing after the consent check fails, but if a user requested a password reset, isn't consent implied?
If it's the case of a malicious user requesting password resets, the end user probably wants to know about that.
Perhaps we should implement rate limiting for reset requests.
The text was updated successfully, but these errors were encountered: