Page MenuHomewrite.as

Password resetting
Open, HighPublic

Description

Overview

Allow user to reset their password with an emailed link.

Background

This is happening more frequently.

Implementation

Add "forgot password?" link to login page and Pad dialog. Ask for email address (?).

Heavily rate-limit submitted requests.

Handle different cases:

  • User has an email and password set: mention that they can log in via email (and link to guide), and that an email with a reset link has been sent to them.
  • User only has an email set: mention that they don't have a password set, and can log in via email (link to guide)
  • User only has a password set or email doesn't exist: mention that an email with a reset link has been sent to them.
  • User has no email or password set: mention this and tell them to message us (perhaps pop up chat window)

Email should contain a link with a sudo=1 one-time auth-token that redirects them to /me/settings?pass and only prompts them to pick a new password. Also include the username field so browsers update their saved passwords.

Related Objects

StatusAssignedTask
Openmatt

Event Timeline

matt created this task.Jan 22 2018, 5:53 AM
matt triaged this task as High priority.
matt added a parent task: Restricted Maniphest Task.
matt added a project: Restricted Project.Jan 29 2018, 2:28 AM
matt moved this task from Backlog to Apr - Jun 2018 on the Write.as Web board.Feb 14 2018, 3:57 PM
matt edited projects, added Write.as Web (Apr - Jun 2018); removed Write.as Web.
matt changed the visibility from "Restricted Project (Project)" to "Public (No Login Required)".Nov 18 2018, 8:21 PM
matt moved this task from Far Future to v1.0 on the Write Freely board.Jan 4 2019, 11:24 PM
matt edited projects, added Write Freely (v1.0); removed Write Freely.