Open tiblu opened 5 years ago
Still relevant
Triage 58. Setting the password reset time to 1 hour as proposed by Tiblu. If user misses this time she can always go back and send herself a new reset code. Est. dev. time 3 hours. Sending to development.
@ssin1901 not sure how important this is, but I assume has security implications? Shall we put it to 'soon'? I see it has 'good first issue' label so presumably is an easy fix :)
@BeccaMelhuish sent to QA testing. Will move to Soon if it still occurs
Overview
POST /api/auth/password/reset
- passwordResetCode never expires and can be used until new code is generated usingPOST /api/auth/password/reset/send
TODO:
passwordResetCode
to have an expiry (for ex 1hr)passwordResetCode