Comments (7)
Like in #21, we can simply generate a string `reset_token` and a date `reset_last_requested`. When it comes to the email itself, we can simply send a link to, for example, `/reset/:token` that will only work for, say, 30 minutes after `reset_last_requested`.
It would also be required that all current sessions are invalidated and that the user must log in with the new password after the reset, for security purposes.
from hexpm.
> It would also be required that all current sessions are invalidated and that the user must log in with the new password after the reset, for security purposes.
Very good point. A common practice is to store the password salt in the session and compare it with the one in the database on every fetch. If the salt in the session differs from the DB, the session is invalid.
from hexpm.
@josevalim 👍 This sounds like it would work nicely!
from hexpm.
We don't have sessions today so that won't be an issue.
I would also like to add the option to invalidate all the user's API keys after the password has been reset.
from hexpm.
Would this delete the key entirely, or set a flag on the key row?
from hexpm.
Just delete it.
from hexpm.
Assigning myself to this one, working on it this weekend.
from hexpm.
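The flow discussed in this thread (a `reset_token` plus `reset_last_requested`, a `/reset/:token` link valid for 30 minutes, and deleting the user's API keys after the reset), as an added Python sketch that is not hexpm's code. The in-memory `users` and `api_keys` tables, the function names, and storing only a SHA-256 digest of the token are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

RESET_WINDOW = timedelta(minutes=30)  # the "say, 30 minutes" from the thread

# Constructed in-memory stand-ins for the users and API-key tables.
users = {"alice": {"password": "old", "reset_token": None,
                   "reset_last_requested": None}}
api_keys = [{"user": "alice", "name": "laptop"}, {"user": "bob", "name": "ci"}]


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(username, now):
    """Set reset_token / reset_last_requested and return the emailed link."""
    token = secrets.token_urlsafe(32)  # unguessable, URL-safe
    user = users[username]
    # Assumption: keep only a digest, so a database leak yields no usable link.
    user["reset_token"] = _digest(token)
    user["reset_last_requested"] = now
    return f"/reset/{token}"


def reset_password(token, new_password, now):
    """Apply the reset if the token is known and inside the 30-minute window."""
    digest = _digest(token)
    for name, user in users.items():
        stored = user["reset_token"]
        if stored and hmac.compare_digest(stored, digest):  # constant-time
            break
    else:
        return False  # unknown or already used token
    if now - user["reset_last_requested"] > RESET_WINDOW:
        return False  # link expired
    user["password"] = new_password  # a real system stores a password hash
    user["reset_token"] = None  # single use
    user["reset_last_requested"] = None
    # "Just delete it": remove the user's API keys outright, no flag column.
    api_keys[:] = [k for k in api_keys if k["user"] != name]
    return True
```
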