For security reasons we should make the reset password unavailable
Description
To avoid problems caused by the url injection we should remove the reset password endpoint, returning 5xx.
Activity
Show:
Details
Priority
HighestAssignee
Gabriel DAmore Marciano
Reporter
Robson Thanael Poffo
Labels
RED_PHONE
Due Date
1 March 2024
Fix versions
CAPL_3.99
Components
TENANT_ADMIN | USERS
Created
9 February 2024, 17:03
Updated
14 February 2024, 15:26
More fields
Created: 9 February 2024, 21:03
Updated:
14 February 2024, 19:26
This issue was automatically transitioned to WAITING DEPLOY, as its PR was just merged into master branch in Github.
This issue was automatically transitioned to QA REVIEW, as its PR was just approved in Github.
This issue was automatically transitioned to REVIEW, as its PR (not DRAFT and not WIP) was just created in Github.
fix:
CAPL-5491 Done Removing reset password until 5217 is in prod [urgent]
This issue was automatically transitioned to IN PROGRESS, as its branch was just created in Github.
hotfix-remove-reset-pass-capl-5491
Message thread link on #red-phone channel:
https://totvscarol.slack.com/archives/C03NT4US9J9/p1707509241774229
@Robson Thanael Poffo ,
@Geny Isam Hamud Herrera ,
This issue was planned to be delivered until 2024-02-12. You can check that by consulting the issue in the Due Date field.
Dates already planned for this issue: 2024-02-12
If External Issue Link field is filled, customer was also informed on JIRA TOTVS.