Password Management Token & Server/Client IP Address check #4692
When you're using the reset password feature, a Token is generated and sent inside a hyperlink by email or SMS.
The Token contains the IP address of the client that requested the reset and the IP address of the server that received it.
If the link is used by another client IP address or processed by another server IP address than the ones contained in the Token, the reset will fail.
Problem: When you're running CAS inside a container orchestrator like Kubernetes:
This pull request adds the capability to disable the check of the server IP address. It also adds the capability to disable the check of the client IP address if needed.
Let me know if you need any further information.
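The check described above, as an added sketch that is not code from this pull request or from CAS: a signed reset token carries the client and server IP addresses, and validation can skip either comparison. The HMAC-over-JSON encoding, the key, the IP addresses and the names `issue_token`, `validate_token`, `check_client_ip` and `check_server_ip` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # constructed value, not a CAS setting


def _sign(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()


def issue_token(user, client_ip, server_ip, ttl=300, now=None):
    """Bind the token to the requesting client and the issuing server."""
    issued = time.time() if now is None else now
    claims = {"sub": user, "client": client_ip, "server": server_ip,
              "exp": issued + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return f"{body.decode()}.{_sign(body)}"


def validate_token(token, client_ip, server_ip,
                   check_client_ip=True, check_server_ip=True, now=None):
    """Return (ok, reason). Signature and expiry are always enforced;
    only the two IP comparisons can be switched off."""
    body, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if (time.time() if now is None else now) > claims["exp"]:
        return False, "expired"
    if check_client_ip and claims["client"] != client_ip:
        return False, "client IP mismatch"
    if check_server_ip and claims["server"] != server_ip:
        return False, "server IP mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed scenario: issued by one pod, link handled by another pod.
    t = issue_token("alice", "203.0.113.7", "10.42.0.11")
    print(validate_token(t, "203.0.113.7", "10.42.1.27"))
    print(validate_token(t, "203.0.113.7", "10.42.1.27", check_server_ip=False))
```

With the server comparison off, the token is still rejected when the signature, the expiry or the client IP address does not match.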
@@           Coverage Diff            @@
##              6.1.x    #4692   +/-   ##
=========================================
  Coverage     36.25%   36.25%
  Complexity     5829     5829
=========================================
  Files          2579     2579
  Lines         52537    52537
  Branches       4177     4177
=========================================
  Hits          19049    19049
  Misses        32069    32069
  Partials       1419     1419