Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password reset message says the link is good for 24 hours when it expires after just one or two #7195

Closed
mlncn opened this issue Aug 12, 2017 · 6 comments
Closed

Password reset message says the link is good for 24 hours when it expires after just one or two #7195

mlncn opened this issue Aug 12, 2017 · 6 comments

Comments

@mlncn
Copy link

mlncn commented Aug 12, 2017

Summary

As updated in https://mattermost.atlassian.net/browse/PLT-1592 the password reset message says the link is good for 24 hours. However, the link seems to expire after just one or two hours.

Steps to reproduce

Send password reset and wait more than two hours before clicking it.

Expected behavior

Password should be accepted for 24 hours, or at least using the link should immediately report that it is expired. Instead, it allows entering a password, and then says the link is expired, even though it's not been 24 hours yet.
@lindy65
Copy link
Contributor

lindy65 commented Aug 14, 2017

Hello @mlncn,

Thank you for your report,

I have tried to reproduce your issue and kept the password reset email for 7 hours before clicking on the 'reset password' link. The link was still active and I could reset my password.

I will try again in a couple of hours to see whether it's still active until the 24-hour cut-off time.

Could you tell me which version of Mattermost you are using and whether your issue reproduces on the desktop app or browser? (If browser, which one?)

Thanks!

@lindy65
Copy link
Contributor

lindy65 commented Aug 15, 2017

Hello again @mlncn

I've retried the password reset link from within the email again 20 hours after it was sent and I am still able to reset my password.

Perhaps you can try upgrading to the latest version of Mattermost to see if this will resolve your issue?

@lindy65
Copy link
Contributor

lindy65 commented Aug 23, 2017

Hi @mlncn, we haven't received an update so we'll assume that the problem is fixed or is no longer valid.

If you still experience the same problem, try upgrading to the latest version.

If the issue persists, reopen this issue with the relevant information and we'd be glad to help you where we can.

@lindy65 lindy65 closed this as completed Aug 23, 2017
@mlncn
Copy link
Author

mlncn commented Aug 30, 2017

It was Mattermost 4.1.0 through Cloudron. Thanks very much for the quick response and apologies for not responding. It seems it may have been a one-time hiccup, correlated to others also being logged out unexpectedly. Not sure what could have caused that though.

@ahmaddanialmohd
Copy link

Hi, everyone.

I recently reproduced this issue on Mattermost 5.11.0 and confirmed that the password reset link expired after 2 hours:

  • Confirm that the email is received at 6:56 AM:

password_reset_1

  • Went ahead with the password reset at 9:06 AM:

password_reset_2

  • Verified that the password reset link has expired

password_reset_3

Should we have this issue reopened again maybe for investigation?

@zaengerlein zaengerlein mentioned this issue Jan 27, 2022
Closed
@MKDan
Copy link

MKDan commented Jul 29, 2022
edited

There are no issues in the latest version! For people who want to create a temp link with expiry, try https://expiry.link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mlncn @lindy65 @MKDan @ahmaddanialmohd