Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API: Set the password reset time to 1 hour #68

Open
2 tasks
tiblu opened this issue Dec 17, 2018 · 6 comments
Open
2 tasks

API: Set the password reset time to 1 hour #68

tiblu opened this issue Dec 17, 2018 · 6 comments

Comments

@tiblu
Copy link
Member

tiblu commented Dec 17, 2018
edited
Loading

Overview

POST /api/auth/password/reset - passwordResetCode never expires and can be used until new code is generated using POST /api/auth/password/reset/send

TODO:

  • passwordResetCode to have an expiry (for ex 1hr)
  • After successful reset delete the passwordResetCode
@tiblu tiblu changed the title API: POST /api/auth/password/reset - passwordResetCode never expires and can be repeatetly used until new code is generated using POST /api/auth/password/reset/send API: POST /api/auth/password/reset - passwordResetCode never expires and can be used until new code is generated using POST /api/auth/password/reset/send Dec 17, 2018
@tiblu tiblu added bug Existing feature not working as designed. good first issue Good for newcomers. security labels Dec 17, 2018
tiblu added a commit that referenced this issue Dec 17, 2018
@tiblu
Generate new and thus invalidate existing password reset code on succ…
06d4d2c 
…essful reset - #68
@loorm loorm removed the security label Feb 28, 2020
@ilmartyrk
Copy link
Member

Still relevant

@anettlinno
Copy link

anettlinno commented Jan 18, 2022
edited
Loading

Triage 58. Setting the password reset time to 1 hour as proposed by Tiblu. If user misses this time she can always go back and send herself a new reset code.
Est. dev. time 3 hours. Sending to development.

@BeccaMelhuish
Copy link
Contributor

@ssin1901 not sure how important this is, but I assume has security implications? Shall we put it to 'soon'? I see it has 'good first issue' label so presumably is an easy fix :)

@BeccaMelhuish BeccaMelhuish changed the title API: POST /api/auth/password/reset - passwordResetCode never expires and can be used until new code is generated using POST /api/auth/password/reset/send API: Setting the password reset time to 1 hour Oct 24, 2024
@BeccaMelhuish BeccaMelhuish changed the title API: Setting the password reset time to 1 hour API: Set the password reset time to 1 hour Oct 24, 2024
@ssin1901 ssin1901 moved this from Backlog - soon to In QA testing in Citizen OS GitHub issue priorities Oct 24, 2024
@ssin1901
Copy link

ssin1901 commented Oct 24, 2024
edited
Loading

@BeccaMelhuish sent to QA testing. Will move to Soon if it still occurs

@ssin1901
Copy link

ssin1901 commented Nov 4, 2024

@BeccaMelhuish it seems that this was not implemented yet. Sending it to Soon.

@ssin1901 ssin1901 moved this from In QA testing to Backlog - soon in Citizen OS GitHub issue priorities Nov 4, 2024
@BeccaMelhuish
Copy link
Contributor

Will tag this Story of Estonia, as could be good to have it in place for then

@BeccaMelhuish BeccaMelhuish moved this from Backlog - soon to Backlog - next? in Citizen OS GitHub issue priorities Jan 10, 2025
@BeccaMelhuish BeccaMelhuish removed bug Existing feature not working as designed. good first issue Good for newcomers. labels Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Citizen OS GitHub issue priorities
Status: No status
Milestone
No milestone
Development

No branches or pull requests
6 participants
@tiblu @ilmartyrk @loorm @anettlinno @BeccaMelhuish @ssin1901