Remind the user to check their spam after requesting password reset +… (#136)

3rdit · xusheng6 · claude · web-flow · commit 729d9812a95c · 2026-01-20T20:51:48.000+08:00
* Remind the user to check their spam after requesting password reset + FaQ details * Add landing page after requesting password reset Instead of showing a flash message on the same form page, redirect users to a dedicated landing page with clear instructions on what to do next, including checking spam folder and contact info. Closes #102 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Xusheng <xusheng@vector35.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
diff --git a/app/controllers/password_reset.py b/app/controllers/password_reset.py
@@ -50,15 +50,11 @@ def forgot_password_post():
         flash('Password reset is currently unavailable. Please contact support.', FLASH_ERROR)
         return render_template('password_reset/forgot.html')
 
-    # Always show success message to prevent email enumeration
-    success_message = 'If an account with that email exists, a password reset link has been sent.'
-
     # Check per-email quota first (prevents spam to single address)
     # We check this before user lookup to prevent timing-based enumeration
     if email_quota_exceeded(email):
-        # Don't reveal rate limiting - show same success message
-        flash(success_message, FLASH_SUCCESS)
-        return render_template('password_reset/forgot.html')
+        # Don't reveal rate limiting - show same success page
+        return render_template('password_reset/email_sent.html')
 
     try:
         # Check if user exists
@@ -103,8 +99,8 @@ def forgot_password_post():
     except Exception as e:
         print(f"Error during password reset request: {e}")
 
-    flash(success_message, FLASH_SUCCESS)
-    return render_template('password_reset/forgot.html')
+    # Show landing page with instructions (prevents email enumeration)
+    return render_template('password_reset/email_sent.html')
 
 
 @password_reset_bp.route('/reset-password/<token>', methods=['GET'])
diff --git a/templates/faq/faq.html b/templates/faq/faq.html
@@ -142,8 +142,19 @@ <h3 id="reset-password">How do I reset my password? <a href="#reset-password" cl
         <p>If you do not remember your current password: use the <a href="/forgot-password">Forgot Password</a> page to receive a reset link via email.</p>
         <p>If the automated reset does not work, please email crackmesone@gmail.com from the email address you used when you registered your account for assistance.</p>
         <div class="divider"></div>
+        <h3 id="reset-email-not-received">I didn't receive the password reset email. <a href="#reset-email-not-received" class="anchor-link">#</a></h3>
+        <p>If you requested a password reset but didn't receive the email, please check the following:</p>
+        <ul>
+            <li><b>Check your spam/junk folder:</b> Password reset emails sometimes get filtered as spam. Look in your spam or junk folder for an email from crackmes.one.</li>
+            <li><b>Mark as "Not Spam":</b> If you find our email in spam, please mark it as "Not Spam" or move it to your inbox. This helps train your email provider to deliver our emails correctly in the future and improves our email server's reputation.</li>
+            <li><b>Add us to your contacts:</b> Adding crackmesone@gmail.com to your contacts can help prevent future emails from being marked as spam.</li>
+            <li><b>Wait a few minutes:</b> Email delivery can sometimes be delayed. Wait 5-10 minutes before requesting another reset.</li>
+            <li><b>Check the correct email address:</b> Make sure you entered the same email address you used when registering your account.</li>
+        </ul>
+        <p>If you've tried all of the above and still haven't received the email, please contact us at crackmesone@gmail.com for assistance.</p>
+        <div class="divider"></div>
         <h3 id="delete-account">How do I delete my account? <a href="#delete-account" class="anchor-link">#</a></h3>
-        <p>Please to email us at crackmesone@gmail.com to request account deletion.</p>
+        <p>Please email us at crackmesone@gmail.com to request account deletion.</p>
         <div class="divider"></div>
         <h3 id="discord-verify">I cannot speak or see most channels on Discord. <a href="#discord-verify" class="anchor-link">#</a></h3>
         <p>If you cannot speak or see most of the channels on our Discord server, this is because you have not verified your account yet. Please check the <b>#verify</b> channel and follow the verification steps.</p>
diff --git a/templates/password_reset/email_sent.html b/templates/password_reset/email_sent.html
@@ -0,0 +1,40 @@
+{% extends "base.html" %}
+{% block title %}Password Reset Requested{% endblock %}
+{% block page_title %}Password Reset Requested{% endblock %}
+{% block head %}{% endblock %}
+{% block content %}
+
+<div class="container grid-lg wrapper">
+    <div class="columns" style="justify-content: center;">
+        <div class="column col-8 col-xs-12 panel-input">
+            <h4>Check Your Email</h4>
+            <p>If an account with that email exists, a password reset link has been sent.</p>
+
+            <h5>What to do next:</h5>
+            <ol>
+                <li><b>Check your inbox</b> for an email from crackmes.one.</li>
+                <li><b>Check your spam/junk folder</b> if you don't see it in your inbox. Password reset emails sometimes get filtered as spam.</li>
+                <li><b>Mark as "Not Spam"</b> if you find our email in spam. This helps train your email provider to deliver our emails correctly in the future.</li>
+                <li><b>Wait a few minutes</b> if you don't see the email right away. Email delivery can sometimes be delayed.</li>
+            </ol>
+
+            <p>The reset link will expire in 1 hour.</p>
+
+            <h5>Still having trouble?</h5>
+            <ul>
+                <li>Make sure you entered the same email address you used when registering.</li>
+                <li>Check the <a href="/faq#reset-email-not-received">FAQ</a> for more troubleshooting tips.</li>
+                <li>Contact us at <a href="mailto:crackmesone@gmail.com">crackmesone@gmail.com</a> for assistance.</li>
+            </ul>
+
+            <div style="display: flex; justify-content: flex-end; gap: 0.5rem; margin-top: 1rem;">
+                <a href="/login" class="btn active">Back to Login</a>
+            </div>
+        </div>
+    </div>
+</div>
+
+{% include 'partial/footer.html' %}
+
+{% endblock %}
+{% block foot %}{% endblock %}
