#7759 After resetting pwd and logging in, don't redir back to pwd reset form

v1.2.0
closed
sf-1 (616)
General
2015-08-20
2014-10-10
No

If you use a forgotten password reset form, e.g. URL /auth/forgotten_password/cc2ffdc2c20db368a1f3e4576159d9d2cc2c75b2 and change your password, then you go to the login page and the login form has a hidden return_to field set to /auth/forgotten_password/cc2ffdc2c20db368a1f3e4576159d9d2cc2c75b2 That is not good, because then you'll end up going to that form again and get an error because the hash is already used. There should be no return_to in this situation.

Discussion

  • Dave Brondsema

    Dave Brondsema - 2014-10-13
    • status: open --> in-progress
    • assigned_to: Dave Brondsema
     
  • Dave Brondsema

    Dave Brondsema - 2014-10-13
    • status: in-progress --> code-review
    • Size: --> 1
     
  • Dave Brondsema

    Dave Brondsema - 2014-10-13

    allura:db/7759

     
  • Igor Bondarenko

    Igor Bondarenko - 2014-10-14
    • QA: Igor Bondarenko
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-10-14
    • status: code-review --> closed
     
  • Dave Brondsema

    Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0
     

Log in to post a comment.