Expire the password reset link [datacenterlight, dynamicweb]
According to a customer report the reset link can be reused. The following changes are necessary:
- Expire after a certain time (I suggest 24h)
- Expire after one use
If feasible, I suggest to focus on ramping up the new user service, implement the change in there and then adjust dynamicweb to use the new user service. This will probably also include to register users in LDAP.
Mondi, if you have time we can work on it this weekend.
- Subject changed from Expire the password reset link to Expire the password reset link [datacenterlight, dynamicweb]
- PM Check date set to 02/17/2019
- Status changed from New to Seen
- Related to Task #5789: Some issues to be cleared about userservice added
- Status changed from Seen to In Progress
- PM Check date changed from 02/17/2019 to 02/21/2019
Mondi Ravi, update the status of the task, please.
- PM Check date changed from 02/21/2019 to 07/15/2019
- Priority changed from Immediate to High
- Due date deleted (
Prioritization: immediate --> high
Also available in: Atom