ncbo / ontologies_api

Hypermedia API for NCBO's ontology-related projects
http://data.bioontology.org

Password reset tokens never expire #60

Open jvendetti opened 4 years ago

jvendetti commented 4 years ago

From @andrew-nguyen

... the token never seems to expire (either after a certain amount of time or after being used once). I just clicked on the link that was generated over a week ago and was able to arbitrarily reset my password again.

It would be desirable from a security standpoint to expire these tokens.

alexskr commented 2 years ago

Also, reset tokens can be used multiple times to reset passwords, which is not ideal.
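
A sketch of the behaviour requested in this issue, as an added example that is not part of the thread or the ontologies_api code base: reset tokens that expire after a TTL and are invalidated on first use. `ResetTokenStore`, its in-memory hash, the one-hour TTL and the user name are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory store (an assumption); a real service would keep
# the digest and expiry on the user record or in a dedicated table.
class ResetTokenStore
  Entry = Struct.new(:digest, :expires_at)

  def initialize(ttl_seconds: 3600, clock: -> { Time.now })
    @ttl, @clock, @entries = ttl_seconds, clock, {}
  end

  # Issue a fresh token. An earlier token for the same user is replaced,
  # so only the newest link works. Only the SHA-256 digest is stored.
  def issue(username)
    token = SecureRandom.urlsafe_base64(32)
    @entries[username] = Entry.new(Digest::SHA256.hexdigest(token), @clock.call + @ttl)
    token
  end

  # Returns :ok at most once per issued token; otherwise :invalid or :expired.
  def redeem(username, token)
    entry = @entries[username]
    return :invalid if entry.nil?
    return :invalid unless secure_equal?(entry.digest, Digest::SHA256.hexdigest(token.to_s))
    @entries.delete(username) # single use: burn the token on first match
    return :expired if @clock.call > entry.expires_at
    :ok
  end

  private
  # Constant-time comparison of two hex digests.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed scenario: a controllable clock stands in for real time.
def demo_reset_flow
  now = Time.at(0)
  store = ResetTokenStore.new(ttl_seconds: 3600, clock: -> { now })
  t1 = store.issue('alice')
  first  = store.redeem('alice', t1) # :ok
  replay = store.redeem('alice', t1) # :invalid, the token was already used
  t2 = store.issue('alice')
  now += 7 * 24 * 3600               # the link is clicked a week later
  stale = store.redeem('alice', t2)  # :expired
  [first, replay, stale]
end
```

A wrong guess does not consume the stored token, so a failed attempt cannot be used to lock a user out of a link they were legitimately sent.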