Relationship Graph

Relationship Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

This bug affects 1 person(s).
IDProjectCategoryView StatusLast Update
09599Feature requestsSecuritypublic2019-08-27 11:06
Reporteraesteban Assigned Toc_schmitz  
Status closedResolutionduplicate 
Summary09599: Use one time URL instead of sending password in "forgotten password" functionality

Send an URL to set a new password instead of sending a new password by email in "forgotten password" funcionality. This URL is valid just one time during a limited period of time.

TagsNo tags attached.
Bug heat264
Story point estimate
Users affected %


duplicate of 15190 closedc_schmitz Bug reports Assigned administration user password is generated randomly, but not time-limited and user is not required to change it 
related to 09598 closedscoops Feature requests Add confirm password field 
related to 09568 assignedscoops Feature requests Password strength 




2015-04-09 08:26

developer   ~31970

Last edited: 2015-04-09 09:01

And for user creation too :)

PS : All LS core plugin are updated in LS3



2019-03-27 14:24

reporter   ~51170

Putting a vote in for this feature. And setting minimum password strength.



2019-04-03 09:25

reporter   ~51290




2019-04-05 09:22

updater   ~51366

@ollehar, are there any plans for improving password based security at LS 4?



2019-04-05 10:53

administrator   ~51373

@Mazi, no. In general we have no plans for "smaller features".



2019-04-05 11:02

administrator   ~51374

At the moment we have no way to prioritize smaller feature requests. We have bigger features and then a lot of bugs that need to be fixed, not much time for other things. Something that can be discussed on the next meeting is how to create priority for features like this. Maybe a voting system?



2019-04-05 11:45

developer   ~51376

Some week ago : i can work in develop, and make new feature.
Maybe this must be the point : before merging in develop : be sure other dev can work on ii …

Some are little issue (Sodium issue is an easy fix), but some other are really to big …

New big broke feature can maybe be done in a fork of develop …

Else : there are no smaller feature ! (and security and OWASP is never a small feature …)



2019-04-12 22:04

reporter   ~51461

I have code that enforces a configurable minimum password strength. I've built it off the Version 3.17.0+190402 code base.
I'll be able to post it here soon.



2019-04-15 16:37

reporter   ~51471

I've posted the code with issue

Issue History

Date Modified Username Field Change
2015-04-08 19:17 aesteban New Issue
2015-04-08 19:18 aesteban Relationship added related to 09598
2015-04-08 19:18 aesteban Relationship added related to 09568
2015-04-09 01:11 DeveloperChris Issue Monitored: DeveloperChris
2015-04-09 08:26 DenisChenu Note Added: 31970
2015-04-09 09:01 DenisChenu Note Edited: 31970
2019-03-27 14:24 blocka Note Added: 51170
2019-03-27 14:28 DenisChenu Issue Monitored: DenisChenu
2019-04-03 09:25 ritapas Note Added: 51290
2019-04-05 09:22 Mazi Note Added: 51366
2019-04-05 10:53 ollehar Note Added: 51373
2019-04-05 11:02 ollehar Note Added: 51374
2019-04-05 11:45 DenisChenu Note Added: 51376
2019-04-12 22:04 blocka Note Added: 51461
2019-04-15 16:37 blocka Note Added: 51471
2019-08-27 10:45 DenisChenu Relationship added related to 15190
2019-08-27 11:05 c_schmitz Relationship replaced duplicate of 15190
2019-08-27 11:06 c_schmitz Assigned To => c_schmitz
2019-08-27 11:06 c_schmitz Status new => closed
2019-08-27 11:06 c_schmitz Resolution open => duplicate