Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, ccruz, danielcastillo, and 12 others

#8601 email auth verification by link

Milestone: unreleased

Status: closed

Owner: Dave Brondsema

Labels: None

Component: General

Reviewer: nobody

Updated: 2026-05-01

Created: 2026-04-22

Creator: Dave Brondsema

Private: No

With a link we can have a longer token for more security (still type-able if needed). And the link will defeat some MITM phishing attacks, forcing you to the right site.

We can apply this to 2FA accounts too (currently being skipped) so they get the MITM protections too

Downside is if you don't have email access on the same computer you're logging in to :(

Discussion

Dave Brondsema - 2026-04-22

status: in-progress --> review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2026-04-22

db/8601

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dillon Walls - 2026-05-01

status: review --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dillon Walls - 2026-05-01

looks good, merged.

There are a few more improvements we could make, but this is a considerable step in the right direction.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Apache Allura™

Forge software for hosting software projects

Milestone

Searches

Help

#8601 email auth verification by link

Discussion