lfk/backend
2
0
Fork 0
Code Issues 1 Pull Requests Actions Projects Releases 40 Activity

Auth: Password reset #40

New Issue
Closed
opened 2020-12-20 16:43:40 +00:00 by niggl · 2 comments
niggl commented 2020-12-20 16:43:40 +00:00
Owner
Copy Link

We probably want our users to have a pw reset route that does stuff based on sending reset links (even if it just returns those links for now instead of sending them via mail)

We probably want our users to have a pw reset route that does stuff based on sending reset links (even if it just returns those links for now instead of sending them via mail)
niggl referenced this issue from a commit 2020-12-22 09:28:07 +00:00
Added pw reset jwt generation
niggl referenced this issue from a commit 2020-12-22 09:38:49 +00:00
Added a basic pw reset action
niggl added the
status:doing
 label 2020-12-22 09:57:40 +00:00
niggl self-assigned this 2020-12-22 09:57:43 +00:00
niggl commented 2020-12-22 09:59:32 +00:00
Author
Owner
Copy Link

I implemented the basic password reset stuff.
Right now it just return's the reset token on request and you can just spam request reset tokens.
Next up I'm gonna implement a reset requesting timeout.

I implemented the basic password reset stuff. Right now it just return's the reset token on request and you can just spam request reset tokens. Next up I'm gonna implement a reset requesting timeout.
niggl referenced this issue from a commit 2020-12-22 10:20:11 +00:00
Removed bs enabled check
niggl referenced this issue from a commit 2020-12-22 10:27:21 +00:00
Fixed weired query behaviour
niggl referenced this issue from a commit 2020-12-22 10:35:33 +00:00
Removed the user disableing
niggl commented 2020-12-22 10:44:49 +00:00
Author
Owner
Copy Link

I implemented checks and errors for the following:

  • Is the user disabled (login, refresh, autorefresh and reset request)?
  • Has the user requested another refresh in the last 15min?

And i have a question: What is your opinion on disabling user login for a user while their password reset is in progress? I don't really think we should prevent them from doing this but it certainly is an option.

I implemented checks and errors for the following: * Is the user disabled (login, refresh, autorefresh and reset request)? * Has the user requested another refresh in the last 15min? And i have a question: What is your opinion on disabling user login for a user while their password reset is in progress? I don't really think we should prevent them from doing this but it certainly is an option.
niggl referenced this issue from a commit 2020-12-22 10:48:06 +00:00
Added comments
niggl added a new dependency 2020-12-22 15:04:17 +00:00
#45 Create automated tests for login related stuff
niggl closed this issue 2020-12-22 15:29:45 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something is not working
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
invalid
Something is wrong
priority:high
priority:low
priority:medium
question
More information is needed
status:blocked
status:doing
status:review_needed
wontfix
This won't be fixed
Complexity
Easy
The complexity is low
Complexity
Hard
The complexity is high
Complexity
Medium
The complexity is medium
Kind/Bug
Something is not working
Kind/Enhancement
Improve existing functionality
Kind/Feature
New functionality
Kind/Question
A question
Kind/Security
This is security issue
Kind/Testing
Issue or pull request related to testing
Priority
Critical
The priority is critical
Priority
High
The priority is high
Priority
Low
The priority is low
Priority
Medium
The priority is medium
Reviewed
Confirmed
Issue has been confirmed
Reviewed
Duplicate
This issue or pull request already exists
Reviewed
Invalid
Invalid issue
Reviewed
Won't Fix
This issue won't be fixed
Status
Abandoned
Somebody has started to work on this but abandoned work
Status
Blocked
Something is blocking this issue or pull request
Status/Confirmed
This is indeed a bug/issue
Status
Doing
Somebody is working on this
Status
Need More Info
Feedback is required to reproduce issue or to continue work
Status
Review needed
Needs a reveiw
No Label
status:doing
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
niggl odit_bot philipp
No Assignees niggl
1 Participants
Notifications
Due Date
No due date set.
Blocks
#45 Create automated tests for login related stuff
lfk/backend
Reference: lfk/backend#40
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?