The current implementation doesn't seem to rotate the API key on password reset, which is a security issue.
Also, I've changed the /auth/login api so that it returns the API key within the JSON body too.
This is untested code, please make sure it works before merging.
Title.
The current implementation doesn't seem to rotate the API key on password reset, which is a security issue. Also, I've changed the /auth/login api so that it returns the API key within the JSON body too.
This is untested code, please make sure it works before merging.
Thanks!