Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log password reset requests #773

Closed
sammachin opened this issue Jul 8, 2022 · 2 comments · Fixed by #873
Closed

Log password reset requests #773

sammachin opened this issue Jul 8, 2022 · 2 comments · Fixed by #873
Assignees
@hardillb
Labels
story A user-oriented description of a feature
Milestone
0.9

Comments

@sammachin
Copy link
Contributor

Epic

No response

Description

As a: admin

I want to: see password reset requests in the log

So that: I can spot suspicious activity like someone attempting lots of resets.

Possibly should log a hash of the email address entered rather than the actual address? but then sufficient to spot a single address iwth many attempts vs multiple addresses? maybe hash name and domain separately?

Acceptance Criteria

No response
@sammachin sammachin added the story A user-oriented description of a feature label Jul 8, 2022
@sammachin
Copy link
Contributor Author

sammachin commented Jul 8, 2022
edited

@sammachin sammachin added the v1 label Jul 8, 2022
@sammachin sammachin added this to the 0.9 milestone Jul 25, 2022
@hardillb hardillb self-assigned this Aug 10, 2022
@hardillb hardillb mentioned this issue Aug 10, 2022
Merged
@hardillb
Copy link
Contributor

hardillb commented Aug 10, 2022
edited

We already have the source IP address of the request in the HTTP request logs, the PR just adds a marker with the user's hashed id so we can spot/count attempts per user

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hardillb hardillb

Labels
story A user-oriented description of a feature
Projects
🛠 Development
Archived in project
Milestone
0.9
Development

Successfully merging a pull request may close this issue.

Log password reset requests with user id hash FlowFuse/flowfuse
2 participants
@sammachin @hardillb