Password reset ('forgot password') asks user to backup their e2e keys, which is impossible #6681
Description
Description
When a user tries to reset their password (click on 'Forgot your password?') using an email linked to that account, they are asked to export their E2E room keys. But they don't have access to their keys obviously as they are neither logged in nor have keys in local storage.
Steps to reproduce
- Go to https://riot.im/app/ or any other Riot instance.
- Enter the login page and click 'Forgot your password?'
- Enter your email and password, click 'Send Reset Email'
- You get asked to export your keys, which you don't have access to
(on an instance with guest access disabled)
- Click 'EXPORT E2E ROOM KEYS'
- Enter your passphrase, click 'Export'
- See an 'Unknown error' (second image) and an error in console:
Error exporting e2e keys: TypeError: Cannot read property 'exportRoomKeys' of null
(on an instance with guest access enabled)
- Click 'EXPORT E2E ROOM KEYS'
- Enter your passphrase, click 'Export'
- Get your guest account E2E keys downloaded, not those of your account. Which is very bad, it's misleading and the user thinks they downloaded their keys, not a temporary account ones.
What I expect is a window saying that 'if you don't have a backup of your E2E room keys, you will lose all your E2E history'.
Log: unable to, not logged in
Version information
- Platform: web (in-browser)
- Browser: Chromium
- OS: Arch Linux
- URL: riot.im/develop / riot.im/app / chat.kotobank.ch / any other