Strengthen the password-reset-by-email feature
Bug #1026982 reported by François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Libravatar (obsolete) | Confirmed | High | Unassigned |
Bug Description
Here are some good tips on how to strengthen password resets via email:
Changed in libravatar:
assignee: nobody → François Marier (fmarier)
status: Triaged → Confirmed
importance: Low → High
tags: added: passwords
Changed in libravatar:
assignee: François Marier (fmarier) → nobody
Now that Persona support is gone (bug 1533018), we need to make sure that password resets are solid.
Currently, the logic in account/forms.py::PasswordResetForm() is broken because it assumes that if you don't have a password set, you shouldn't be able to reset it and instead use OpenID or Persona to log in.
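The failure described in the comment above, sketched as an added example that is not Libravatar's code: the broken request path refuses accounts with no password set, while the corrected path issues a single-use, expiring token to any known address. The in-memory stores, function names, sample accounts and the one-hour lifetime are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # seconds; assumed lifetime, not a value from the bug report

# Constructed sample accounts. password_hash None models an account that
# only ever logged in through OpenID or Persona.
USERS = {
    "alice@example.org": {"password_hash": "pbkdf2$constructed"},
    "bob@example.org": {"password_hash": None},
}
RESET_TOKENS = {}  # sha256(token) -> (email, expiry timestamp)


def _issue_token(email, now=None):
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, URL-safe
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, now + TOKEN_TTL)  # store only the hash
    return token  # this value goes into the e-mailed link


def request_reset_broken(email):
    """Behaviour described in the bug: no password set means no reset."""
    user = USERS.get(email)
    if user is None or user["password_hash"] is None:
        return None
    return _issue_token(email)


def request_reset(email, now=None):
    """Issue a token for any known address, whether or not a password is set."""
    if email not in USERS:
        return None  # caller should show the same message in both cases
    return _issue_token(email, now)


def complete_reset(token, new_password_hash, now=None):
    """Consume the token once; reject unknown, replayed or expired tokens."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop makes the token single-use
    if entry is None or entry[1] < now:
        return False
    USERS[entry[0]]["password_hash"] = new_password_hash
    return True
```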