fix(core): Make password-reset urls valid only for single-use #7622
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## master #7622 +/- ##
==========================================
- Coverage 32.04% 32.03% -0.02%
==========================================
Files 3411 3410 -1
Lines 208763 208711 -52
Branches 22676 22665 -11
==========================================
- Hits 66897 66859 -38
+ Misses 140697 140685 -12
+ Partials 1169 1167 -2
@netroy On dev mode for some reason the env variable |
@netroy Below is what we get when clicking on the reset password link after changing the password. Should we redirect to the forgot password page and tell them that the link was already used? This error does not tell the user anything useful.
LGTM! left one small comment but I guess that can be addressed in another PR.
2 flaky tests on run #2756 ↗︎
Details:
6-code-node.cy.ts • 1 flaky test
27-two-factor-authentication.cy.ts • 1 flaky test
✅ All Cypress E2E specs passed
public signData(payload: object, options: jwt.SignOptions = {}): string { | ||
return jwt.sign(payload, this.userManagementSecret, options); | ||
return jwt.sign(payload, config.getEnv('userManagement.jwtSecret'), options); |
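Review bot: The verify side is not visible next to the changed `jwt.sign(...)` line in `signData`, and it needs the same switch from `this.userManagementSecret` to `config.getEnv('userManagement.jwtSecret')`; if verification still uses the cached field, a token signed here fails to verify whenever the two values differ. Suggest routing both signing and verification through one private accessor for the secret, with a short comment on why the cached field is bypassed. Separately, `options` defaults to `{}`, so a caller of `signData` that omits `expiresIn` gets a token with no expiry; password-reset callers should always pass one explicitly.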
this had to be made because of a bug in dev mode that this PR fixes
012e698 to 82812ed
reverted the Updated the frontend to show the correct error, and to also redirect to the signin screen, just how we do it when the invitation token is invalid on the signup screen.
* master: (24 commits)
  fix(Crypto Node): Fix issue with value not appearing for Sign action (#7619)
  feat(NocoDB Node): Add new data apis and workspace support (#7329)
  fix(Facebook Lead Ads Trigger Node): Fix issue with missing scope for business management (#7616)
  refactor(core): Stop reporting to Sentry missing-node-on-retry error (no-changelog) (#7648)
  fix(editor): Fix workflow history prune time limit (getting hours instead of days) (#7644)
  fix(core): Comply with custom default for workflow saving settings (#7634)
  feat(core): Initial support for two-way communication over websockets (#7570)
  ci: Conditionally re-enable coverage for frontend packages (no-changelog) (#7641)
  ci(core): Load config schema after process.env has been overwritten (no-changelog) (#7550)
  fix(core): Make password-reset urls valid only for single-use (#7622)
  fix: Error handling on forgot password page (no-changelog) (#7633)
  ci: Improve CI performance (no-changelog) (#7637)
  fix(core): Ensure pruning starts only after migrations have completed (#7626)
  feat(core): Coordinate workflow activation in multiple main scenario in internal API (#7566)
  fix(editor): Fix local storage flags defaulting to undefined string (#7603)
  fix(editor): Reset canvas zoom before workspace reset in node view (#7625)
  fix(editor): More dark-mode fixes (no-changelog) (#7624)
  fix(core): Fix accessor error when running partial execution (#7618)
  fix(editor): Fix issue that frontend breaks with unkown nodes (#7596)
  fix(core): Ensure `init` before checking leader or follower in multi-main scenario (#7621)
  ...
# [1.16.0](https://github.com/n8n-io/n8n/compare/n8n@1.15.1...n8n@1.16.0) (2023-11-08)

### Bug Fixes

* **core:** Comply with custom default for workflow saving settings ([#7634](#7634)) ([48c068f](48c068f))
* **core:** Decrease reset password token expire time ([#7598](#7598)) ([2aa7f63](2aa7f63))
* **core:** Ensure `init` before checking leader or follower in multi-main scenario ([#7621](#7621)) ([a994ba5](a994ba5))
* **core:** Ensure pruning starts only after migrations have completed ([#7626](#7626)) ([f748de9](f748de9))
* **core:** Fix accessor error when running partial execution ([#7618](#7618)) ([26361df](26361df)), closes [#6229](#6229)
* **core:** Make password-reset urls valid only for single-use ([#7622](#7622)) ([6031424](6031424))
* **Crypto Node:** Fix issue with value not appearing for Sign action ([#7619](#7619)) ([5df583f](5df583f))
* **editor:** Allow overriding theme from query params ([#7591](#7591)) ([2854a0c](2854a0c))
* **editor:** Fix issue that frontend breaks with unkown nodes ([#7596](#7596)) ([db56a9e](db56a9e))
* **editor:** Fix local storage flags defaulting to undefined string ([#7603](#7603)) ([151e60f](151e60f))
* **editor:** Fix workflow history prune time limit (getting hours instead of days) ([#7644](#7644)) ([3d5a485](3d5a485))
* **editor:** Hide not supported node options ([#7597](#7597)) ([b532a7b](b532a7b))
* **editor:** Remove unknown credentials on pasting workflow ([#7582](#7582)) ([d633753](d633753))
* **editor:** Reset canvas zoom before workspace reset in node view ([#7625](#7625)) ([78b84af](78b84af))
* **editor:** Zoom in/out on canvas the same amount on scroll/gesture ([#7602](#7602)) ([c92402a](c92402a))
* **Facebook Lead Ads Trigger Node:** Fix issue with missing scope for business management ([#7616](#7616)) ([32b85ba](32b85ba))

### Features

* **core:** Add the node version to telemetry in node_graph_string ([#7449](#7449)) ([59dc36a](59dc36a))
* **core:** Coordinate workflow activation in multiple main scenario in internal API ([#7566](#7566)) ([c857e42](c857e42))
* **core:** Initial support for two-way communication over websockets ([#7570](#7570)) ([ac87701](ac87701))
* **core:** Log executed migrations with info level ([#7586](#7586)) ([7dac9ab](7dac9ab))
* **core:** Rate limit forgot password endpoint ([#7604](#7604)) ([5790e25](5790e25))
* **LinkedIn Node:** Add support for Article thumbnails ([#7489](#7489)) ([e6d3d1a](e6d3d1a))
* **NocoDB Node:** Add new data apis and workspace support ([#7329](#7329)) ([da2d2a8](da2d2a8))

Co-authored-by: ivov <ivov@users.noreply.github.com>
Got released with |
No description provided.