The reset password link should expire

Bug #1296472 reported by Son Nguyen on 2014-03-24
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Robert Lyon
1.7
High
Robert Lyon
1.8
High
Robert Lyon
1.9
High
Robert Lyon

Bug Description

Version: all
Platform: all

If the reset password link can expire, it would be more secure.

Son Nguyen (ngson2000) on 2014-03-24
information type: Public → Public Security
Son Nguyen (ngson2000) on 2014-06-10
Changed in mahara:
status: Confirmed → In Progress
assignee: nobody → Robert Lyon (robertl-9)

Reviewed: https://reviews.mahara.org/3279
Committed: http://gitorious.org/mahara/mahara/commit/fc9ee33299c51e8a13243c4826bf7515065592d6
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit fc9ee33299c51e8a13243c4826bf7515065592d6
Author: Robert Lyon <email address hidden>
Date: Wed Apr 23 19:49:17 2014 +1200

Checking and removing of expired password requests (Bug #1296472)

Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon <email address hidden>

Aaron Wells (u-aaronw) on 2014-06-19
Changed in mahara:
status: In Progress → Fix Committed
milestone: none → 1.10.0
Aaron Wells (u-aaronw) wrote :

Since this is a security bug, we should backport it to the other stable releases.

Mahara Bot (dev-mahara) wrote :

Patch for "1.8_STABLE" branch: https://reviews.mahara.org/3532

Mahara Bot (dev-mahara) wrote :

Patch for "1.7_STABLE" branch: https://reviews.mahara.org/3533

Reviewed: https://reviews.mahara.org/3533
Committed: http://gitorious.org/mahara/mahara/commit/6256bcb3814f732ee8e0e5fdef76b56d7b68b4e3
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.7_STABLE

commit 6256bcb3814f732ee8e0e5fdef76b56d7b68b4e3
Author: Robert Lyon <email address hidden>
Date: Wed Apr 23 19:49:17 2014 +1200

Checking and removing of expired password requests (Bug #1296472)

Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/3532
Committed: http://gitorious.org/mahara/mahara/commit/6477995ed592cf05d8c48d5b8756f1296e7559b8
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.8_STABLE

commit 6477995ed592cf05d8c48d5b8756f1296e7559b8
Author: Robert Lyon <email address hidden>
Date: Wed Apr 23 19:49:17 2014 +1200

Checking and removing of expired password requests (Bug #1296472)

Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/3531
Committed: http://gitorious.org/mahara/mahara/commit/ac17b3d06a74e126ac233f01065a79d9dc9cefa0
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.9_STABLE

commit ac17b3d06a74e126ac233f01065a79d9dc9cefa0
Author: Robert Lyon <email address hidden>
Date: Wed Apr 23 19:49:17 2014 +1200

Checking and removing of expired password requests (Bug #1296472)

Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon <email address hidden>

Aaron Wells (u-aaronw) on 2014-10-21
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers