Releases: SymfonyCasts/reset-password-bundle

Security Enhancement: clear all user requests after usage

18 Apr 00:42

Hi friends!

This release contains one change to harden security:

  • ensure all requests are removed for user - #105 thanks to @kbond

While not normally possible (unless you change the throttle timeout), if a user does have multiple, active "password reset requests" in storage, after using one of them to change their password, all "password reset requests" for that user should be removed. This is safer than allowing other password reset requests to remain active.

Cheers!
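
The difference between removing only the used request and removing every request for that user, shown as an added example that is not part of the release notes or the bundle's code. `ResetRequestStore` and its methods are hypothetical names, and the in-memory array stands in for the bundle's real storage.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory store; names are illustrative, not the bundle's API.
// This example keys requests by a SHA-256 hash of the token (its own design choice).
final class ResetRequestStore
{
    /** @var array<string, array{userId: int, expiresAt: int}> keyed by token hash */
    private array $requests = [];

    public function create(int $userId, int $ttl = 3600): string
    {
        $token = bin2hex(random_bytes(20));
        $this->requests[hash('sha256', $token)] = ['userId' => $userId, 'expiresAt' => time() + $ttl];
        return $token;
    }

    /** Returns the owning user id for a stored, unexpired token, else null. */
    public function validate(string $token): ?int
    {
        $row = $this->requests[hash('sha256', $token)] ?? null;
        return ($row !== null && $row['expiresAt'] > time()) ? $row['userId'] : null;
    }

    /** Weak variant: only the request that was just used is removed. */
    public function consumeSingle(string $token): void
    {
        unset($this->requests[hash('sha256', $token)]);
    }

    /** Hardened variant: every request belonging to the token's user is removed. */
    public function consumeAllForUser(string $token): void
    {
        $userId = $this->validate($token);
        if ($userId === null) { return; }
        $this->requests = array_filter($this->requests, static fn (array $r): bool => $r['userId'] !== $userId);
    }
}

// Constructed scenario: user 42 holds two active requests, user 7 holds one.
$weak = new ResetRequestStore();
[$a, $b] = [$weak->create(42), $weak->create(42)];
$weak->consumeSingle($a);
var_dump($weak->validate($b)); // is the second request still accepted after the change?

$hard = new ResetRequestStore();
[$a, $b, $other] = [$hard->create(42), $hard->create(42), $hard->create(7)];
$hard->consumeAllForUser($a);
var_dump($hard->validate($b), $hard->validate($other)); // user 42's other request vs. user 7's
```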

Changes to Garbage Collection & more info on TooManyPasswordRequestsException

17 Apr 15:38
6aaceb2

Hi friends!

This release comes with two important changes:

  • The garbage collection process (i.e. deleting old, expired password reset request records) previously would delete all old records. Now it only deletes expired records older than 1 week. This helps people to get a better "Your link is expired" text if they click a reset link multiple times - #103 thanks to @kbond.

  • If a user has requested a password reset too many times and has been "throttled", a TooManyPasswordRequestsException is thrown. That class now has 2 new methods that you can use to get more information:

    • getAvailableAt(): \DateTimeInterface
    • getRetryAfter(): int

Have fun!

Initial Stable Release

05 Apr 10:54

Hi friends!

I'm VERY happy and proud to release the first stable version of this bundle. A HUGE thanks to @jrushlow who worked tirelessly on the details of this bundle to not only get it working, but make sure it's secure and high quality. Also thanks to @romaricdrigon for bootstrapping this effort and to @bocharsky-bw for reviewing repeatedly.

This bundle works best along with MakerBundle and its new make:reset-password command.

Have fun - and if you find any problems, please open an issue.

Cheers!

Bug fix for "fake" repository

03 Apr 10:42
7817c6d
Pre-release

Hi!

Still nothing to see here ;). This release contains one bug fix as we finalize the bundle:

  • Fixed incorrect fake repository namespace in service definition, see #79

Cheers!

Initial Beta Release

27 Mar 18:58
Pre-release

Hi friends!

Nothing to see here yet. We're releasing a beta of the bundle so it can be tested properly with its MakerBundle integration.

Cheers!