Provide logging for password reset request #3745
Labels
issue/confirmed
Issue has been reviewed and confirmed to be present or accepted to be implemented
type/enhancement
An improvement of existing functionality
Description
A log for each password reset request, like with failed authentications into gitea.log, would be much appreciated.
While not necessarily a security concern, an IP requesting multiple password resets is indicative of bad behavior. This means it's not necessary to differentiate between proper and 'failed' requests.
I'd like to block that with fail2ban which needs a log line present.
The text was updated successfully, but these errors were encountered: