Project

General

Profile

Actions

Task #6465

open

Expire the password reset link [datacenterlight, dynamicweb]

Added by Nico Schottelius almost 3 years ago. Updated over 2 years ago.

Status:
In Progress
Priority:
High
Assignee:
Target version:
-
Start date:
02/15/2019
Due date:
% Done:

0%

Estimated time:
PM Check date:
07/15/2019

Description

According to a customer report the reset link can be reused. The following changes are necessary:

  • Expire after a certain time (I suggest 24h)
  • Expire after one use

If feasible, I suggest to focus on ramping up the new user service, implement the change in there and then adjust dynamicweb to use the new user service. This will probably also include to register users in LDAP.

Mondi, if you have time we can work on it this weekend.


Related issues

Related to queue - Task #5789: Some issues to be cleared about userserviceNew10/09/2018

Actions
Actions

Also available in: Atom PDF