fix(core): Make password-reset urls valid only for single-use #7622
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
n8n-assistant
bot
added
core
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #7622 +/- ##
==========================================
- Coverage 32.04% 32.03% -0.02%
==========================================
Files 3411 3410 -1
Lines 208763 208711 -52
Branches 22676 22665 -11
==========================================
- Hits 66897 66859 -38
+ Misses 140697 140685 -12
+ Partials 1169 1167 -2
☔ View full report in Codecov by Sentry. |
|
@netroy On dev mode for some reason the env variable |
|
@netroy Bellow what we get when clicking on the reset password link after changing the password. Should we redirect to the forgot password page and tell them that the link was already used? This error does not tell the user anything useful 
|
RicardoE105
previously approved these changes
Nov 6, 2023
2 flaky tests on run #2756 ↗︎
Details:
|
|||||||||||||||||||||||||||
| Test | Artifacts | |
|---|---|---|
| ... > generate code button should have correct state & tooltips |
Output
Screenshots
Video
|
|
27-two-factor-authentication.cy.ts • 1 flaky test
| Test | Artifacts | |
|---|---|---|
| Two-factor authentication > Should be able to login with MFA token |
Output
Screenshots
Video
|
|
Review all test suite changes for PR #7622 ↗︎
|
✅ All Cypress E2E specs passed |
netroy
commented
Nov 7, 2023
| public signData(payload: object, options: jwt.SignOptions = {}): string { | ||
| return jwt.sign(payload, this.userManagementSecret, options); | ||
| return jwt.sign(payload, config.getEnv('userManagement.jwtSecret'), options); |
There was a problem hiding this comment.
this had to made because of a bug in dev mode that this PR fixes
netroy
force-pushed
the
password-reset-only-once
branch
from
012e698
to
82812ed
Compare
|
reverted the Updated the frontend to show the correct error, and the also redirect to the signin screen, just how we do it when the invitation token in invalid on the signup screen. |
RicardoE105
approved these changes
Nov 7, 2023
|
|
|
✅ All Cypress E2E specs passed |
MiloradFilipovic
added a commit
that referenced
this pull request
Nov 8, 2023
* master: (24 commits) fix(Crypto Node): Fix issue with value not appearing for Sign action (#7619) feat(NocoDB Node): Add new data apis and workspace support (#7329) fix(Facebook Lead Ads Trigger Node): Fix issue with missing scope for business management (#7616) refactor(core): Stop reporting to Sentry missing-node-on-retry error (no-changelog) (#7648) fix(editor): Fix workflow history prune time limit (getting hours instead of days) (#7644) fix(core): Comply with custom default for workflow saving settings (#7634) feat(core): Initial support for two-way communication over websockets (#7570) ci: Conditionally re-enable coverage for frontend packages (no-changelog) (#7641) ci(core): Load config schema after process.env has been overwritten (no-changelog) (#7550) fix(core): Make password-reset urls valid only for single-use (#7622) fix: Error handling on forgot password page (no-changelog) (#7633) ci: Improve CI performance (no-changelog) (#7637) fix(core): Ensure pruning starts only after migrations have completed (#7626) feat(core): Coordinate workflow activation in multiple main scenario in internal API (#7566) fix(editor): Fix local storage flags defaulting to undefined string (#7603) fix(editor): Reset canvas zoom before workspace reset in node view (#7625) fix(editor): More dark-mode fixes (no-changelog) (#7624) fix(core): Fix accessor error when running partial execution (#7618) fix(editor): Fix issue that frontend breaks with unkown nodes (#7596) fix(core): Ensure `init` before checking leader or follower in multi-main scenario (#7621) ...
Merged
ivov
added a commit
that referenced
this pull request
Nov 8, 2023
# [1.16.0](https://github.com/n8n-io/n8n/compare/n8n@1.15.1...n8n@1.16.0) (2023-11-08) ### Bug Fixes * **core:** Comply with custom default for workflow saving settings ([#7634](#7634)) ([48c068f](48c068f)) * **core:** Decrease reset password token expire time ([#7598](#7598)) ([2aa7f63](2aa7f63)) * **core:** Ensure `init` before checking leader or follower in multi-main scenario ([#7621](#7621)) ([a994ba5](a994ba5)) * **core:** Ensure pruning starts only after migrations have completed ([#7626](#7626)) ([f748de9](f748de9)) * **core:** Fix accessor error when running partial execution ([#7618](#7618)) ([26361df](26361df)), closes [#6229](#6229) * **core:** Make password-reset urls valid only for single-use ([#7622](#7622)) ([6031424](6031424)) * **Crypto Node:** Fix issue with value not appearing for Sign action ([#7619](#7619)) ([5df583f](5df583f)) * **editor:** Allow overriding theme from query params ([#7591](#7591)) ([2854a0c](2854a0c)) * **editor:** Fix issue that frontend breaks with unkown nodes ([#7596](#7596)) ([db56a9e](db56a9e)) * **editor:** Fix local storage flags defaulting to undefined string ([#7603](#7603)) ([151e60f](151e60f)) * **editor:** Fix workflow history prune time limit (getting hours instead of days) ([#7644](#7644)) ([3d5a485](3d5a485)) * **editor:** Hide not supported node options ([#7597](#7597)) ([b532a7b](b532a7b)) * **editor:** Remove unknown credentials on pasting workflow ([#7582](#7582)) ([d633753](d633753)) * **editor:** Reset canvas zoom before workspace reset in node view ([#7625](#7625)) ([78b84af](78b84af)) * **editor:** Zoom in/out on canvas the same amount on scroll/gesture ([#7602](#7602)) ([c92402a](c92402a)) * **Facebook Lead Ads Trigger Node:** Fix issue with missing scope for business management ([#7616](#7616)) ([32b85ba](32b85ba)) ### Features * **core:** Add the node version to telemetry in node_graph_string ([#7449](#7449)) ([59dc36a](59dc36a)) * **core:** Coordinate workflow activation in multiple main scenario in internal API ([#7566](#7566)) ([c857e42](c857e42)) * **core:** Initial support for two-way communication over websockets ([#7570](#7570)) ([ac87701](ac87701)) * **core:** Log executed migrations with info level ([#7586](#7586)) ([7dac9ab](7dac9ab)) * **core:** Rate limit forgot password endpoint ([#7604](#7604)) ([5790e25](5790e25)) * **LinkedIn Node:** Add support for Article thumbnails ([#7489](#7489)) ([e6d3d1a](e6d3d1a)) * **NocoDB Node:** Add new data apis and workspace support ([#7329](#7329)) ([da2d2a8](da2d2a8)) Co-authored-by: ivov <ivov@users.noreply.github.com>
|
Got released with |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.