Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password change can be triggered by anyone #353

Open
d262a15b-daf8-4c67-a39d-ec7e03fcc16b opened this issue Feb 16, 2022 · 0 comments
Open

Password change can be triggered by anyone #353

d262a15b-daf8-4c67-a39d-ec7e03fcc16b opened this issue Feb 16, 2022 · 0 comments
Labels
enhancement

Comments

@d262a15b-daf8-4c67-a39d-ec7e03fcc16b
Copy link

What is the version of Jorani?

1.0.0

Expected behaviour

If a user forgets their password, a link to a password change dialog can be send to the user.
However, this email can be ignored, if the user did not really forget their password.

Actual behaviour

Anyone who knows a login name can trigger a password change,
which is annoying for the acual user.

Steps to reproduce the behavior

Enter a valid user name (not own user name) of the Jorani instance and click on "Send me my password"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bbalet @d262a15b-daf8-4c67-a39d-ec7e03fcc16b