
Password Management Token & Server/Client IP Address check #4693

merged 14 commits into from Feb 14, 2020



julienhuon commented Feb 12, 2020


Hello Misagh

When you're using the reset password feature, a Token is generated and sent inside a hyperlink by email or SMS.

The Token contains the client IP address who requested the reset and the server IP address who received it.

If the link is used by another client IP address or processed by another server IP address than the ones contained in the Token, the reset will fail.

Problem: When you're running CAS inside a container orchestrator like Kubernetes:

  • It could be difficult to stick a user to a specific container
  • A container could have a very short life (less than the token TTL) because of horizontal autoscaling

This pull request adds the capability to disable the check of the server IP address. It also adds the capability to disable the check of the client IP address if needed.

Let me know if you need any further information.
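The token check the description walks through, as an added example written for this page rather than code from the CAS project: a signed token carrying the requesting client's IP and the issuing server's IP, verified with each IP comparison individually switchable. The token format, claim names, signing key and the two flag names (`check_client_ip`, `check_server_ip`) are assumptions for illustration, not CAS's own.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # constructed for this example; not a CAS secret


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, client_ip, server_ip, ttl_seconds, now=None):
    """Mint an HMAC-signed reset token that embeds the client IP that asked
    for the reset and the server IP that issued it (claim names are assumed)."""
    now = time.time() if now is None else now
    claims = {"sub": user, "cip": client_ip, "sip": server_ip, "exp": now + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, client_ip, server_ip, *, check_client_ip=True,
                 check_server_ip=True, now=None):
    """Return (ok, reason). The two keyword flags model the PR's option to
    disable each IP comparison independently; signature and TTL are always checked."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(_unb64(body))
    if now > claims["exp"]:
        return False, "expired"
    if check_client_ip and claims["cip"] != client_ip:
        return False, "client ip mismatch"
    if check_server_ip and claims["sip"] != server_ip:
        return False, "server ip mismatch"
    return True, "ok"
```

With `check_server_ip=False` a link issued by one pod validates on another pod, while the client binding and the TTL still apply.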


…f the client/server ip address.
apereocas-bot and others added 11 commits Feb 13, 2020
@julienhuon julienhuon requested a review from mmoayyed Feb 13, 2020
@mmoayyed mmoayyed merged commit 0f98a5f into apereo:master Feb 14, 2020
4 of 5 checks passed
continuous-integration/travis-ci/pr The Travis CI build failed
Codacy/PR Quality Review Up to standards. A positive pull request.
Summary 2 potential rules
WIP Ready for review
license/cla Contributor License Agreement is signed.