refinery / refinerycms-authentication-devise

Devise based authentication extension for Refinery CMS
MIT License

Hides failure message on password recovery #42

Closed bricesanchez closed 5 years ago

bricesanchez commented 5 years ago

@parndt I don't see codeclimate on this repo? Could you check why it's not activated on all the organization?

parndt commented 5 years ago

It's definitely configured for this repo

bricesanchez commented 5 years ago

> It's definitely configured for this repo

It's weird, I don't see it in the timeline actions with Travis CI.

parndt commented 5 years ago

It is weird, indeed.

bricesanchez commented 5 years ago

@parndt Could you review this PR please?

parndt commented 5 years ago

@bricesanchez yeah, can you please add screenshots showing how you expect this to function now?

bricesanchez commented 5 years ago

Yes.

Before, it could help a hacker to find which account is used as the Refinery admin:

[Screenshot: refinery login clue]

Now it gives no clue: it always returns that an email has been sent, even if it does not send an email when the account does not exist.

[Screenshot: refinery login no clue]

It mitigates brute force attacks.
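
The before/after behaviour described in the comment above, as an added example that is not part of this PR or of Refinery's code: a plain-Ruby sketch (no Rails or Devise) of a recovery handler whose reply depends on whether the account exists, next to one that always replies the same way, plus a regression check for the difference. All method names, messages and addresses are hypothetical and constructed for illustration.

```ruby
# Added illustration, plain Ruby. Names, messages and data are hypothetical.
Response = Struct.new(:status, :flash)

# Constructed sample data: a single existing admin account.
USERS = { "admin@example.test" => { id: 1 } }.freeze

GENERIC_NOTICE = "If this address is registered, an email with a " \
                 "password reset link has been sent.".freeze

def normalize(email)
  email.to_s.strip.downcase
end

# Before: status and message depend on whether the account exists, so the
# form answers "is this address an account?" for any unauthenticated caller.
def recover_leaky(email, outbox)
  address = normalize(email)
  unless USERS.key?(address)
    return Response.new(422, "That email isn't associated with any account.")
  end
  outbox << address
  Response.new(200, "An email has been sent with a password reset link.")
end

# After: identical status and message for every input. Mail is queued only
# when the account exists, but the caller cannot observe that.
def recover_uniform(email, outbox)
  address = normalize(email)
  outbox << address if USERS.key?(address)
  Response.new(200, GENERIC_NOTICE)
end

# Regression check: submit a known and an unknown address to a handler and
# report whether the two responses can be told apart.
def leaks_account_existence?(handler)
  outbox = []
  known   = method(handler).call("admin@example.test", outbox)
  unknown = method(handler).call("nobody@example.test", outbox)
  known.status != unknown.status || known.flash != unknown.flash
end

if __FILE__ == $PROGRAM_NAME
  puts "leaky handler leaks:   #{leaks_account_existence?(:recover_leaky)}"
  puts "uniform handler leaks: #{leaks_account_existence?(:recover_uniform)}"
end
```

The check only compares status and message; response time is a separate channel this sketch does not cover. Devise also ships a `config.paranoid = true` setting with the same goal; the page does not show whether this PR relies on it.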

parndt commented 5 years ago

Thanks for doing it @bricesanchez :+1: