RUN-4217: Document password reset link expiration

[gschueler]

Summary

• Adds a new Link Expiration section to docs/manual/user-management/password-reset.md documenting the configurable TTL for password reset links introduced in rundeckpro/rundeckpro#4623
• Documents the new config key rundeck.security.dblogin.resetLink.maxDuration (default 7d, supports d/h/m formats)
• Notes that expired links return a 403 error (same as invalid tokens) and that admins must generate a new link — no self-service resend
• Adds the config key to the Additional Configs reference list

Related

• PR: rundeckpro/rundeckpro#4623
• Jira: RUN-4217

Test plan

• Verify the new section renders correctly on the Password Reset page in the dev server (npm run docs:dev)
• Confirm rundeck.security.dblogin.resetLink.maxDuration appears in the Additional Configs list
• Check no broken links or formatting issues

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Adds documentation for the new configurable password reset link TTL so admins understand how long reset links remain valid and how to tune/operate the behavior.

Changes:

• Adds a Link Expiration section explaining default behavior (7 days), supported duration formats, and admin actions when links expire.
• Documents the new config key rundeck.security.dblogin.resetLink.maxDuration, including defaults and format constraints.
• Adds the config key to the Additional Configs reference list.

[Copilot]

This property example uses spaces around =. Since this page already shows rundeck.password.reset.enabled=true without spaces (and other docs warn that spaces can matter in some contexts), consider switching this to key=value formatting to make copy/paste usage consistent and unambiguous.

Suggested change

	`rundeck.security.dblogin.resetLink.maxDuration = <duration>`
	`rundeck.security.dblogin.resetLink.maxDuration=<duration>`

[Copilot]

For clarity/precision, consider referring to this as an "HTTP 403 (Forbidden)" response (and/or "403 Forbidden") rather than a generic "403 error", since readers may not immediately connect it to HTTP status codes.

[gschueler]

@copilot address the suggestions

[Copilot]

@copilot address the suggestions

Addressed in commit 7cc21f5.

• Updated the config example to rundeck.security.dblogin.resetLink.maxDuration=<duration>.
• Updated both references from 403 error to HTTP 403 (Forbidden) response.

Screenshot of the rendered docs section: https://github.com/user-attachments/assets/6a9e8e78-5537-409a-842c-2150c310f8bf

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• scarf.sh
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node ./report.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)