View Issue Details

This bug affects 1 person(s).
ID: 09599
Project: Feature requests
Category: Security
View Status: public
Last Update: 2019-08-27 11:06
Reporter: aesteban
Assigned To: c_schmitz
Priority: normal
Severity: feature
Status: closed
Resolution: duplicate
Summary: 09599: Use one time URL instead of sending password in "forgotten password" functionality
Description

Send a URL to set a new password instead of sending a new password by email in "forgotten password" functionality. This URL is valid just one time during a limited period of time.

Tags: No tags attached.
Bug heat: 264

Relationships

duplicate of 15190 (closed, c_schmitz), Bug reports: Assigned administration user password is generated randomly, but not time-limited and user is not required to change it
related to 09598 (closed, scoops), Feature requests: Add confirm password field
related to 09568 (assigned, scoops), Feature requests: Password strength

Activities

DenisChenu

2015-04-09 08:26

developer   ~31970

Last edited: 2015-04-09 09:01

And for user creation too :)

PS: All LS core plugins are updated in LS3

blocka

2019-03-27 14:24

reporter   ~51170

Putting a vote in for this feature. And setting minimum password strength.

ritapas

2019-04-03 09:25

reporter   ~51290

+1

Mazi

2019-04-05 09:22

updater   ~51366

@ollehar, are there any plans for improving password based security at LS 4?

ollehar

2019-04-05 10:53

administrator   ~51373

@Mazi, no. In general we have no plans for "smaller features".

ollehar

2019-04-05 11:02

administrator   ~51374

At the moment we have no way to prioritize smaller feature requests. We have bigger features and then a lot of bugs that need to be fixed, not much time for other things. Something that can be discussed at the next meeting is how to create priority for features like this. Maybe a voting system?

DenisChenu

2019-04-05 11:45

developer   ~51376

Some weeks ago: I can work in develop, and make new features.
Maybe this must be the point: before merging in develop, be sure other devs can work on it …

Some are little issues (Sodium issue is an easy fix), but some others are really too big …

New big broke feature can maybe be done in a fork of develop …

Else: there are no smaller features! (and security and OWASP is never a small feature …)

blocka

2019-04-12 22:04

reporter   ~51461

I have code that enforces a configurable minimum password strength. I've built it off the Version 3.17.0+190402 code base.
I'll be able to post it here soon.

blocka

2019-04-15 16:37

reporter   ~51471

I've posted the code with issue https://bugs.limesurvey.org/view.php?id=14636

Issue History

Date Modified Username Field Change
2015-04-08 19:17 aesteban New Issue
2015-04-08 19:18 aesteban Relationship added related to 09598
2015-04-08 19:18 aesteban Relationship added related to 09568
2015-04-09 01:11 DeveloperChris Issue Monitored: DeveloperChris
2015-04-09 08:26 DenisChenu Note Added: 31970
2015-04-09 09:01 DenisChenu Note Edited: 31970
2019-03-27 14:24 blocka Note Added: 51170
2019-03-27 14:28 DenisChenu Issue Monitored: DenisChenu
2019-04-03 09:25 ritapas Note Added: 51290
2019-04-05 09:22 Mazi Note Added: 51366
2019-04-05 10:53 ollehar Note Added: 51373
2019-04-05 11:02 ollehar Note Added: 51374
2019-04-05 11:45 DenisChenu Note Added: 51376
2019-04-12 22:04 blocka Note Added: 51461
2019-04-15 16:37 blocka Note Added: 51471
2019-08-27 10:45 DenisChenu Relationship added related to 15190
2019-08-27 11:05 c_schmitz Relationship replaced duplicate of 15190
2019-08-27 11:06 c_schmitz Assigned To => c_schmitz
2019-08-27 11:06 c_schmitz Status new => closed
2019-08-27 11:06 c_schmitz Resolution open => duplicate