On 07/23/2015 06:28 PM, Thomas De Schampheleire wrote:
On July 23, 2015 3:53:34 PM CEST, Mads Kiilerich <[email protected]> wrote:
On 07/19/2015 03:35 PM, Andrew Shadura wrote:
# HG changeset patch
# User Andrew Shadura <[email protected]>
# Date 1431821238 -7200
# Sun May 17 02:07:18 2015 +0200
# Node ID 98cb64feddfb89f106f66763462061fd2ca3f412
# Parent f103b1a2383bc4fba5d28f9732ba832025e3bf00
secure password reset implementation
A couple of other things:
It should make sure it doesn't go too far with changing passwords when
using external authentication (but also not reveal too much information
too early). (I guess it would be nice if each authentication module had
a customizable "tell the user how to change the password" string...)
Related to this, ldap users currently (without patch, I haven't checked with)
see a password reset link that actually sends a mail but without effect on the
password. This is confusing and wrong.
Ok, so it is an independent existing issue in the same area.
/Mads
_______________________________________________
kallithea-general mailing list
[email protected]
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
