Add docs for enumeration and account status controls in password recovery flow#6227
Add docs for enumeration and account status controls in password recovery flow#6227VIHANGAGIT wants to merge 1 commit into
Conversation
|
Warning Review limit reached
Next review available in: 29 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yml Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (4)
📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR updates the password recovery guide to document two Resolve User settings, their default disabled state, the account-enumeration warning, and how they change observable recovery errors. ChangesPassword Recovery Documentation
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
18d01c2 to
014ffdd
Compare
|
Docs preview: https://dairy-materials-operating-observed.trycloudflare.com Product: Triggered by @ImalshaD via the Preview Docs workflow. |
| - **Auto Login**: If enabled, the user is automatically logged into their account immediately after successfully completing the password recovery flow. | ||
| - **Send a notification email on flow completion:** When enabled, the user will receive an email confirming that their password recovery is complete and their account is ready to use. | ||
|
|
||
| ### Resolve user properties |
014ffdd to
6e32a7e
Compare
6e32a7e to
54f6337
Compare
Purpose
Documents the new enumeration and account-status controls on the Resolve User step of the flow-based password recovery, introduced in WSO2 Identity Server.
Two per-tenant settings, configured on the action button of the first (Resolve User) step in the password recovery flow builder:
notifyUserExistence) — when enabled, an unknown identifier returns a "User does not exist" error; when disabled, the flow continues silently as it would for a valid user.notifyUserAccountStatus) — when enabled, locked/disabled accounts return a status-specific error; when disabled, the status is hidden and the flow continues.Both are disabled by default (secure posture that prevents user enumeration). The docs explain the settings, the security trade-off, and how to enable them via the flow builder.
Changes
en/includes/guides/flows/password-recovery.md(shared include):Related Issues