Auth: Password reset #40
Labels
No Label
bug
duplicate
enhancement
help wanted
invalid
priority:high
priority:low
priority:medium
question
status:blocked
status:doing
status:review_needed
wontfix
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Blocks
Reference: lfk/backend#40
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
We probably want our users to have a pw reset route that does stuff based on sending reset links (even if it just returns those links for now instead of sending them via mail)
I implemented the basic password reset stuff.
Right now it just return's the reset token on request and you can just spam request reset tokens.
Next up I'm gonna implement a reset requesting timeout.
I implemented checks and errors for the following:
And i have a question: What is your opinion on disabling user login for a user while their password reset is in progress? I don't really think we should prevent them from doing this but it certainly is an option.