The new authentication methods and the v2 API still use the reset password controller logic. You can still log in with username/password and you can still reset a password.
IMO yes, this is still relevant. And a refactoring would be very useful, because if we support multiple API versions, we don't want to copy this code around. IMO we should aim for as little code as possible in controllers. It would be great if the brute force middleware could handle this case:
consider if we can replace this by our brute force middleware
I have removed the help wanted label and added it to the backlog.
We are using a new brute force middleware unit in current master, see https://github.com/TryGhost/Ghost/pull/7579/files.
I've added a TODO in one of my previous PRs, see https://github.com/TryGhost/Ghost/blob/2.9.1/core/server/api/v0.1/authentication.js#L276
We would like to use the new brute force middleware to lock a token if there are too many tries.
Please also read through the conversation here: https://github.com/TryGhost/Ghost/pull/7579/files#r86813677
It already contains a solution for how this could be replaced.