On 07/19/2015 03:35 PM, Andrew Shadura wrote:
# HG changeset patch
# User Andrew Shadura <[email protected]>
# Date 1431821238 -7200
# Sun May 17 02:07:18 2015 +0200
# Node ID 98cb64feddfb89f106f66763462061fd2ca3f412
# Parent f103b1a2383bc4fba5d28f9732ba832025e3bf00
secure password reset implementation
A couple of other things:
It should make sure it doesn't go too far with changing passwords when
using external authentication (but also not reveal too much information
too early). (I guess it would be nice if each authentication module had
a customizable "tell the user how to change the password" string...)
The user is redirected to a " Code you received in the email" page ...
but the mail only contains a URL - no mentioning of any code.
/Mads
_______________________________________________
kallithea-general mailing list
[email protected]
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
