Closed Bug 375902 Opened 18 years ago Closed 18 years ago

password reset clean up

Categories

(Mozilla Labs :: Joey, defect)

Product:
Mozilla Labs
Component:
Joey
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dougt, Assigned: michael)

Details

reset password should work like this: When you click on the reset link, an re-activate email is send to you but the old password still works. The system asks you to change password when you clicks on the link in the email ...
From Wil, how AMO did it: "If they reset, we send them a URL with a key of md5(the_md5_hash_of_their_old_password) and confirmation code stays null. So, they can still login, but if they go to the url with the special key, we provide a form where they can enter a new password"
Assignee: dougt → michael
Status: NEW → ASSIGNED
Done. I also put in a new validation requirement for the username: it must be [a-zA-Z_0-9] because I need to put it in the un-encoded form in the password reset URL.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.