Closed benoitvidis closed 4 years ago
double checking password expiry strange behaviour > wip
@Aschen: error codes updated.
May not require a full new review but for the record, I also changed the reset token payload from `{ kuid: '<kuid>' }` to `{ resetForKuid: '<kuid>' }` to avoid the temptation to use it as an auth token (even if Kuzzle relies on a different payload).
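The reason for the payload rename, as an added example (not Kuzzle's code and not part of this PR): when reset tokens and auth tokens are signed with the same key, each consumer must check for its own claim and reject the other's. The token format is a simplified HMAC-signed one, and the `userId` auth claim and all function names are assumptions made for illustration.

```javascript
// Added example, not Kuzzle's implementation. Simplified HMAC-signed tokens.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // constructed demo key, shared by both token kinds

function sign(payload, ttlSeconds, now = Date.now()) {
  const claims = { ...payload, exp: Math.floor(now / 1000) + ttlSeconds };
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const mac = crypto.createHmac('sha256', SECRET).update(body).digest('base64url');
  return `${body}.${mac}`;
}

// Checks signature and expiry only. It says nothing about what the token is for.
function verify(token, now = Date.now()) {
  const [body, mac] = String(token).split('.');
  if (!body || !mac) throw new Error('malformed token');
  const expected = crypto.createHmac('sha256', SECRET).update(body).digest();
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('token expired');
  return claims;
}

// Auth path: requires the auth claim (hypothetical name `userId`) and refuses reset tokens.
function authenticate(token, now) {
  const claims = verify(token, now);
  if (typeof claims.userId !== 'string' || 'resetForKuid' in claims) {
    throw new Error('not an auth token');
  }
  return claims.userId;
}

// Reset path: requires `resetForKuid` and refuses auth tokens.
function kuidFromResetToken(token, now) {
  const claims = verify(token, now);
  if (typeof claims.resetForKuid !== 'string' || 'userId' in claims) {
    throw new Error('not a reset token');
  }
  return claims.resetForKuid;
}
```

A validly signed reset token passes `verify` but is rejected by `authenticate`, so a leaked reset link cannot be replayed as a session.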
@benoitvidis Is this PR still `wip` or can we merge it?
@Aschen: It was in `wip` because of the `errorsManager` called with the nonexistent `throw` method.
Should be ok to merge now if it is to you.
We need to update the documentation: the error manager does not have a throw method. It has been removed as it was a hidden flow interruption. This wreaked havoc in our static analyzers and it made our code harder to read (and to maintain).
Double checking reset password expiration time > wip
double checking behaviour on createAdmin > wip
@Aschen, actually, `security.createFirstAdmin` and `security.createUser` call the `validate` method of the strategy before the kuzzle user is created.
I'll propose a PR to change this behaviour but in the meantime, I put the user existence checks back on.
Good catch :+1:
@benoitvidis Can we merge this PR now?
Up
@benoitvidis Can we merge this PR now?
Sorry, I missed @Aschen's message. Sure, it can be merged.
~:warning: depends on https://github.com/kuzzleio/kuzzle/pull/1597~
What does this PR do?
This PR introduces the ability to, per user or group of users, apply some password policies.
Each policy can now set:
Related to points 1 & 4, a controller action is added in this PR to allow users to reset their password. An additional "getRestPasswordToken" route is also added, dedicated to admin & programmatic accesses.
@todo: