API: Set the password reset time to 1 hour

citizenos / citizenos-api

Citizen OS API application - https://api.citizenos.com/

Other

31 stars 8 forks source link

API: Set the password reset time to 1 hour #68

Open tiblu opened 5 years ago

tiblu commented 5 years ago

Overview

POST /api/auth/password/reset - passwordResetCode never expires and can be used until new code is generated using POST /api/auth/password/reset/send

TODO:

[ ] passwordResetCode to have an expiry (for ex 1hr)
[ ] After successful reset delete the passwordResetCode

ilmartyrk commented 2 years ago

Still relevant

anettlinno commented 2 years ago

Triage 58. Setting the password reset time to 1 hour as proposed by Tiblu. If user misses this time she can always go back and send herself a new reset code. Est. dev. time 3 hours. Sending to development.

BeccaMelhuish commented 1 day ago

@ssin1901 not sure how important this is, but I assume has security implications? Shall we put it to 'soon'? I see it has 'good first issue' label so presumably is an easy fix :)

ssin1901 commented 1 day ago

@BeccaMelhuish sent to QA testing. Will move to Soon if it still occurs