
[Route] Print an error message on /auth/reset instead of returning a 404.
Open, Low, Public

Description

Incoherent situation:

  • /auth/reset/<token> works, and allows changing a password (see T471 for an issue about that)
  • /auth/reset is a 404

We should provide instructions to append the token to the URL if received by mail or to go to /auth/recover if no reset URL has been received.

To solve this:

We've already forked the Laravel ResetsPasswords trait in our application, at app/Services/ResetsPasswords.php.

The HTTP Not Found status is returned by the getReset method.

A specific view or a direct error message are both acceptable.
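One way to make that change in the forked trait, as an added example that is not Auth Grove's own code. It assumes the fork still has the Laravel 5 signature getReset($token = null); the namespace, the view name auth.reset-missing-token, the recoverUrl variable and the 400 status are hypothetical choices. The page shown is the same for every visitor, so it discloses nothing about accounts or token validity.

```php
<?php

namespace App\Services; // assumed from the app/Services/ResetsPasswords.php path

trait ResetsPasswords
{
    /**
     * Display the password reset form for the given token.
     *
     * GET /auth/reset/<token> renders the reset form, as before.
     * GET /auth/reset (no token) renders instructions instead of a 404.
     *
     * @param  string|null  $token
     * @return \Illuminate\Http\Response|\Illuminate\View\View
     */
    public function getReset($token = null)
    {
        if ($token === null || trim($token) === '') {
            // Hypothetical view: tells the user to append the token received
            // by mail to the URL, or to request a reset link at /auth/recover.
            // 400 (an assumption) keeps the response an error for clients
            // and crawlers while still showing a readable page.
            return response()->view('auth.reset-missing-token', [
                'recoverUrl' => url('auth/recover'),
            ], 400);
        }

        // The token is only handed to the form here. Whether it is valid is
        // decided when the form is submitted, so this branch does not reveal
        // anything about a token either.
        return view('auth.reset')->with('token', $token);
    }
}
```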

Event Timeline

dereckson raised the priority of this task from to Low.
dereckson updated the task description.
dereckson added a project: Auth Grove.
dereckson added a subscriber: dereckson.
dereckson renamed this task from [Route] GET /auth/reset return a 404 to [Route] Print an error message on /auth/reset instead of returning a 404. Jul 10 2015, 20:16
dereckson updated the task description.
dereckson added a project: good-first-issue.
dereckson moved this task from Backlog to Dev on the good-first-issue board.

Development moratorium

Per T1771, we're currently considering implementing Keycloak as a reference identity management and SSO login product.

This product exposes LDAP, OIDC (OpenID Connect) and SAML capabilities to authenticate users and applications. It seems to solve our main problems.

From there, it's not clear what we do with Auth Grove:

  • Scenario A. We drop it, and as users we directly interact with Keycloak. Development is discontinued.
  • Scenario B. Auth Grove is morphed into a front-end to Keycloak: we expose current information, and interact with the Keycloak API (through a generic set of classes, so we can switch to another solution) to set credentials and metadata.
  • Scenario C. We use both Keycloak AND Auth Grove. We don't integrate with Keycloak at all, to stay independent and not vendor-locked.

While the T1771 evaluation is ongoing, a moratorium covers any development activities related to Auth Grove, with the obvious exception of security issues.
This moratorium fully or partly covers this task.