Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forgot Password #42

Merged
merged 14 commits into from
Jan 31, 2025
Merged

Forgot Password #42

merged 14 commits into from
Jan 31, 2025

Conversation

tomaspalma
Copy link
Member

@tomaspalma tomaspalma commented Jan 25, 2025
edited
Loading

Checklist of what still needs to be done

  • Create rate limiter throttle just for password validation
  • Handle parameters in controller because it reduces the complexity of code in the frontend

I've followed the OWASP guidelines.

As per the guidelines, there is no warning shown to the user resetting the password whether the requested email exists or not. However, we internally will not send an email if that email does not belong to any account.

  1. Sends an email with the url which contains the email of the user and a signature from the server.
  2. When the user clicks, it is redirected to a page where they can input their new password.

@tomaspalma tomaspalma self-assigned this Jan 25, 2025
@tomaspalma tomaspalma changed the title feat: forgot password form and sending email Forgot Password Jan 26, 2025
@tomaspalma tomaspalma marked this pull request as ready for review January 26, 2025 13:14
@tomaspalma tomaspalma force-pushed the feature/reset-password branch from 5880ced to 64cd1f8 Compare January 26, 2025 13:26
limwa
limwa requested changes Jan 26, 2025
View reviewed changes
@tomaspalma tomaspalma requested a review from limwa January 28, 2025 13:01
@tomaspalma tomaspalma requested a review from a team January 28, 2025 21:18
@tomaspalma
Copy link
Member Author

tomaspalma commented Jan 30, 2025
edited
Loading

I already applied your requested changes and I noticed now that I had forgotten to push the two commits where I changed the rate limiter and started getting the parameters of the the change password form in the backend instead of the frontend

@AvilaAndre
Copy link
Contributor

AvilaAndre commented Jan 30, 2025
edited
Loading

@tomaspalma

I know this is not the pr that deals with the register, but does your app stop when you register a new account?
I'm trying the pr locally.

@tomaspalma
Copy link
Member Author

I know this is not the pr that deals with the register, but does your app stop when you register a new account?
I'm trying the pr locally.

Do you have a local instance of mailpit running? You can do that by executing docker compose up in the root enei folder.

From what I've tried, having an instance of mailpit does not block after register but if I do not have it, it blocks because there is no connection to the smpt server the website is exepecting to have

@AvilaAndre
Copy link
Contributor

I know this is not the pr that deals with the register, but does your app stop when you register a new account?
I'm trying the pr locally.

Do you have a local instance of mailpit running? You can do that by executing docker compose up in the root enei folder.

From what I've tried, having an instance of mailpit does not block after register but if I do not have it, it blocks because there is no connection to the smpt server the website is exepecting to have

Oops... That was it, thank you!

AvilaAndre
AvilaAndre approved these changes Jan 30, 2025
View reviewed changes
Copy link
Contributor

@AvilaAndre AvilaAndre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My observations are some nice to have changes and some discussions, changing them is not necessary. If you either change them or not is up to you.

Awesome work! :)

@limwa limwa merged commit bb38955 into develop Jan 31, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@limwa limwa limwa approved these changes

@AvilaAndre AvilaAndre AvilaAndre approved these changes

Assignees

@tomaspalma tomaspalma

Labels
review needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tomaspalma @AvilaAndre @limwa