[PATCH] secure password reset implementation
Andrew Shadura
andrew at shadura.me
Sun Jul 26 18:58:42 UTC 2015
On 23/07/15 15:53, Mads Kiilerich wrote:
> On 07/19/2015 03:35 PM, Andrew Shadura wrote:
>> # HG changeset patch
>> # User Andrew Shadura <andrew at shadura.me>
>> # Date 1431821238 -7200
>> # Sun May 17 02:07:18 2015 +0200
>> # Node ID 98cb64feddfb89f106f66763462061fd2ca3f412
>> # Parent f103b1a2383bc4fba5d28f9732ba832025e3bf00
>> secure password reset implementation
>
> A couple of other things:
> It should make sure it doesn't go too far with changing passwords when
> using external authentication (but also not reveal too much information
> too early). (I guess it would be nice if each authentication module had
> a customizable "tell the user how to change the password" string...)
Right, I have to fix this.
> The user is redirected to a " Code you received in the email" page ...
> but the mail only contains a URL - no mentioning of any code.
Could you please check once more? Because it's one of the things I have
fixed in this revision of the patch.
--
Cheers,
Andrew
More information about the kallithea-general
mailing list