Rotate API key on password reset

fosshostorg / aarch64

Dashboard and API for https://console.aarch64.com

https://console.aarch64.com

GNU Affero General Public License v3.0

12 stars 7 forks source link

Rotate API key on password reset #67

Closed iojcde closed 3 years ago

iojcde commented 3 years ago

Title.

The current implementation doesn't seem to rotate the API key on password reset, which is a security issue. Also, I've changed the /auth/login api so that it returns the API key within the JSON body too.

This is untested code, please make sure it works before merging.

Thanks!

iojcde commented 3 years ago

@knightss27 could you approve so the workflow can run?