Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, ccruz, deshani, and 11 others

#8125 Require password when confirming new email address

Milestone: v1.6.0

Status: closed

Owner: Dave Brondsema

Labels: security (36)

Component: General

Reviewer: nobody

Updated: 2016-12-14

Created: 2016-09-08

Creator: Dave Brondsema

Private: No

We should require a valid login session when opening an email verification link. This avoids the security risk of typos on new email addresses that could potentially let someone else take over your account.

Discussion

Dave Brondsema - 2016-09-08

status: open --> review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2016-09-08

Fixed on db/8125

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kenton Taylor - 2016-09-09

Fix looks good, clear to merge.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2016-09-09

status: review --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2016-12-14

Milestone: unreleased --> v1.6.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Apache Allura™

Forge software for hosting software projects

Milestone

Searches

Help

#8125 Require password when confirming new email address

Discussion