Auth: Password reset #40

New Issue

Closed

opened 2020-12-20 16:43:40 +00:00 by niggl · 2 comments

niggl commented 2020-12-20 16:43:40 +00:00

Owner

Copy Link

We probably want our users to have a pw reset route that does stuff based on sending reset links (even if it just returns those links for now instead of sending them via mail)

We probably want our users to have a pw reset route that does stuff based on sending reset links (even if it just returns those links for now instead of sending them via mail)

niggl referenced this issue from a commit 2020-12-22 09:28:07 +00:00

Added pw reset jwt generation

niggl referenced this issue from a commit 2020-12-22 09:38:49 +00:00

Added a basic pw reset action

niggl referenced this issue from a commit 2020-12-22 09:39:18 +00:00

Added a password reset token request route

niggl referenced this issue from a commit 2020-12-22 09:39:42 +00:00

Renamed the password reset token creation class to better fit the scheme

niggl referenced this issue from a commit 2020-12-22 09:44:44 +00:00

Renamed the return variable to fit the class

niggl referenced this issue from a commit 2020-12-22 09:57:09 +00:00

Implemented basic password reset

niggl referenced this issue from a commit 2020-12-22 09:57:25 +00:00

Implemented toe password reset route

niggl added the

status:doing

label 2020-12-22 09:57:40 +00:00

niggl self-assigned this 2020-12-22 09:57:43 +00:00

niggl commented 2020-12-22 09:59:32 +00:00

Author

Owner

Copy Link

I implemented the basic password reset stuff.
Right now it just return's the reset token on request and you can just spam request reset tokens.
Next up I'm gonna implement a reset requesting timeout.

I implemented the basic password reset stuff. Right now it just return's the reset token on request and you can just spam request reset tokens. Next up I'm gonna implement a reset requesting timeout.

niggl referenced this issue from a commit 2020-12-22 10:07:01 +00:00

Set reset token expiry to 15 mins

niggl referenced this issue from a commit 2020-12-22 10:12:25 +00:00

Implemented a password reset timeout

niggl referenced this issue from a commit 2020-12-22 10:18:32 +00:00

Now disableing users while they're in the process of resetting their password

niggl referenced this issue from a commit 2020-12-22 10:20:11 +00:00

Removed bs enabled check

niggl referenced this issue from a commit 2020-12-22 10:27:21 +00:00

Fixed weired query behaviour

niggl referenced this issue from a commit 2020-12-22 10:27:21 +00:00

Users now can be disabled from the start

niggl referenced this issue from a commit 2020-12-22 10:29:54 +00:00

All things auth now check if the user is disabled

niggl referenced this issue from a commit 2020-12-22 10:35:33 +00:00

Removed the user disableing

niggl commented 2020-12-22 10:44:49 +00:00

Author

Owner

Copy Link

I implemented checks and errors for the following:

• Is the user disabled (login, refresh, autorefresh and reset request)?
• Has the user requested another refresh in the last 15min?

And i have a question: What is your opinion on disabling user login for a user while their password reset is in progress? I don't really think we should prevent them from doing this but it certainly is an option.

I implemented checks and errors for the following: * Is the user disabled (login, refresh, autorefresh and reset request)? * Has the user requested another refresh in the last 15min? And i have a question: What is your opinion on disabling user login for a user while their password reset is in progress? I don't really think we should prevent them from doing this but it certainly is an option.

niggl referenced this issue from a commit 2020-12-22 10:48:06 +00:00

Added comments

niggl referenced this issue 2020-12-22 15:02:29 +00:00

Release a new alpha version #47

niggl added a new dependency 2020-12-22 15:04:17 +00:00

#45 Create automated tests for login related stuff

niggl referenced a pull request that will close this issue 2020-12-22 15:04:49 +00:00

feature/40-pw_reset #48

niggl referenced this issue from a commit 2020-12-22 15:29:44 +00:00

Merge pull request 'feature/40-pw_reset' (#48) from feature/40-pw_reset into dev

niggl closed this issue 2020-12-22 15:29:45 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.3

v0.13.2

v0.13.1

v0.12.0

v0.13.0

v0.11.1

v0.11.0

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.0

v0.7.1

v0.7.0

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.1

v0.1.0

v0.0.12

v0.0.11

v0.0.10

v0.0.9

v0.0.8

v0.0.7

0.0.6

0.0.5

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

priority:high

  

priority:low

  

priority:medium

  

question

More information is needed

  

status:blocked

  

status:doing

  

status:review_needed

  

wontfix

This won't be fixed

No Label

bug

duplicate

enhancement

help wanted

invalid

priority:high

priority:low

priority:medium

question

status:blocked

status:doing

status:review_needed

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

niggl

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Blocks

#45 Create automated tests for login related stuff

lfk/backend

Reference: lfk/backend#40

No description provided.