Need to ban password resets [#2780881]

/user/password and /user/reset/{uid}/{timestamp}/{hash} paths should be banned as cosign handles that

Comment	File	Size	Author
#3	cosign-routing-2780881-3-8x.patch	2.39 KB	el1_1el
#3
	routing.patch	939 bytes	el1_1el

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

8 August 2016 at 19:45

el1_1el created an issue. See original summary.

Comment #2

mlhess CreditAttribution: mlhess as a volunteer commented 10 August 2016 at 13:15

Status:

Needs review

» Needs work

There are use cases where cosign and normal Drupal logins are used for authentication. This patch would remove normal Drupal users from resetting their passwords.

Comment #3

el1_1el CreditAttribution: el1_1el commented 18 August 2016 at 12:42

File	Size
cosign-routing-2780881-3-8x.patch	2.39 KB

ok. how about this instead.

Comment #4

18 August 2016 at 13:38

mlhess committed 394f58c on 8.x-1.x authored by el1_1el

Issue #2780881 by el1_1el: Need to ban password resets

Comment #5

mlhess CreditAttribution: mlhess as a volunteer commented 18 August 2016 at 13:38

Status:

Needs work

» Fixed

Comment #6

1 September 2016 at 13:44

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Need to ban password resets

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community