Password reset message says the link is good for 24 hours when it expires after just one or two #7195
Comments
Hello @mlncn, thank you for your report. I have tried to reproduce your issue and kept the password reset email for 7 hours before clicking on the 'reset password' link. The link was still active and I could reset my password. I will try again in a couple of hours to see whether it's still active until the 24-hour cut-off time. Could you tell me which version of Mattermost you are using and whether your issue reproduces on the desktop app or browser? (If browser, which one?) Thanks!
Hello again @mlncn, I've retried the password reset link from within the email again 20 hours after it was sent and I am still able to reset my password. Perhaps you can try upgrading to the latest version of Mattermost to see if this will resolve your issue?
Hi @mlncn, we haven't received an update so we'll assume that the problem is fixed or is no longer valid. If you still experience the same problem, try upgrading to the latest version. If the issue persists, reopen this issue with the relevant information and we'd be glad to help you where we can.
It was Mattermost 4.1.0 through Cloudron. Thanks very much for the quick response and apologies for not responding. It seems it may have been a one-time hiccup, correlated to others also being logged out unexpectedly. Not sure what could have caused that though.
Hi, everyone. I recently reproduced this issue on Mattermost 5.11.0 and confirmed that the password reset link expired after 2 hours:
Should we have this issue reopened again maybe for investigation?
There are no issues in the latest version! For people who want to create a temp link with expiry, try https://expiry.link
Summary
As updated in https://mattermost.atlassian.net/browse/PLT-1592 the password reset message says the link is good for 24 hours. However, the link seems to expire after just one or two hours.
Steps to reproduce
Send password reset and wait more than two hours before clicking it.
Expected behavior
Password should be accepted for 24 hours, or at least using the link should immediately report that it is expired. Instead, it allows entering a password, and then says the link is expired, even though it's not been 24 hours yet.
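The expected behavior above, as an added Go sketch that is not Mattermost's code: one TTL constant drives both the email wording and the server-side check, and the check runs when the link is opened as well as when the form is submitted. `ResetToken`, `EmailBody`, `OpenLink` and `SubmitNewPassword` are hypothetical names, and the 24-hour value is taken from the message text quoted in the summary.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ResetTokenTTL is the single source of truth for the link lifetime
// (assumed value: the 24 hours the reset email promises).
const ResetTokenTTL = 24 * time.Hour

var ErrExpired = errors.New("password reset link has expired")

// ResetToken is a hypothetical stored token record.
type ResetToken struct {
	Value    string
	IssuedAt time.Time
}

// EmailBody derives the advertised lifetime from ResetTokenTTL, so the
// message cannot drift from what the server enforces.
func EmailBody(link string) string {
	return fmt.Sprintf("Reset your password: %s (this link expires in %d hours)",
		link, int(ResetTokenTTL.Hours()))
}

// Validate rejects tokens at or past the TTL, and tokens dated in the future.
func (rt ResetToken) Validate(now time.Time) error {
	age := now.Sub(rt.IssuedAt)
	if age < 0 || age >= ResetTokenTTL {
		return ErrExpired
	}
	return nil
}

// OpenLink runs when the link is clicked: an expired link is reported
// before any password form is shown.
func OpenLink(rt ResetToken, now time.Time) (showForm bool, err error) {
	err = rt.Validate(now)
	return err == nil, err
}

// SubmitNewPassword re-checks on submit, since the token can expire while
// the form is open. The caller updates the credential only on a nil error.
func SubmitNewPassword(rt ResetToken, now time.Time) error {
	return rt.Validate(now)
}

func main() { fmt.Println(EmailBody("https://chat.example.invalid/reset?token=constructed")) }
```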