sintaxi / surge

CLI for the surge.sh CDN
https://surge.sh

Revoke token #491

Open wd15 opened 1 year ago

wd15 commented 1 year ago

Can an existing token be revoked with the Surge CLI? `surge token --help` doesn't give any indications of possible sub-commands.

danielfdsilva commented 1 year ago

In light of CircleCI's security incident this would be really needed.

brint commented 1 year ago

I was digging through the code and found this:

https://github.com/sintaxi/surge/blob/32eaaa2c5731c20093c12fde4c92d58bacda377a/lib/middleware/util/helpers.js#L234

By doing a password reset on my account, I was able to get a new token after the password reset.

danielfdsilva commented 1 year ago

@brint Unfortunately this does not revoke the old token. Here's how I tested it:

Got a token with `surge token`, logged out and reset the password. Tried the previously issued token by doing `surge list --token <token>` and it was still working.

alexgleason commented 11 months ago

Bump

mauricioklein commented 10 months ago

I confirm that /token/reset doesn't reset the token.

curl -vvv -XPOST https://surge.surge.sh/token/reset/[my email here]

Got a 201 back (with no authentication whatsoever 🤯), but token remains the same.

If at least we got access to their API documentation, we would have a workaround until the CLI is fixed.