Extend password reset token validity on password change page load #25279

Merged

fredden
Member

@fredden fredden commented Oct 24, 2019

Description (*)

This avoids a race condition where the password reset token is valid at page load time, but no longer valid at page submission time.

In a scenario where a user begins the password reset flow but is unable to immediately complete the same, clicking the link close to expiry time provides an opportunity for an error message after entering a new password due to the token expiring between page load & form submission.

Fixed Issues (if relevant)

Manual testing scenarios (*)

  1. Generate password reset email (admin & frontend)
  2. Follow link back to Magento
  3. Observe password validity in database has been extended/reset

Questions or comments

I am unsure if this change requires a unit test.

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds are green)

Resolved issues:

  1. resolves #29647: [Issue] Extend password reset token validity on password change page load

This avoids a race condition where the password reset token is valid at page
load time, but no longer valid at page submission time.
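
The race described in the pull request, as an added example that is not part of the pull request and not Magento code: a token loaded 10 seconds before expiry fails on submission unless page load restarts the window in `rp_token_created_at`. The TTL, the `first_issued_at` field and the absolute cap are assumptions of this sketch; the page does not say whether Magento bounds repeated refreshes.

```php
<?php
declare(strict_types=1);
// Constructed values for illustration; not Magento's configuration.
const TOKEN_TTL = 3600;    // seconds a token is valid after rp_token_created_at
const ABSOLUTE_CAP = 7200; // hypothetical hard limit counted from first issue

function issueToken(int $now): array
{
    return [
        'rp_token' => bin2hex(random_bytes(16)),
        'rp_token_created_at' => $now, // column named in the QA comment
        'first_issued_at' => $now,     // hypothetical field backing the cap
    ];
}

function isValid(array $row, string $token, int $now): bool
{
    return is_string($row['rp_token'])                        // not yet consumed
        && hash_equals($row['rp_token'], $token)              // constant-time compare
        && $now - $row['rp_token_created_at'] <= TOKEN_TTL    // sliding window
        && $now - $row['first_issued_at'] <= ABSOLUTE_CAP;    // refreshes cannot extend forever
}

// Page load: validate, then optionally restart the validity window.
function loadResetPage(array &$row, string $token, int $now, bool $refresh): bool
{
    $ok = isValid($row, $token, $now);
    if ($ok && $refresh) {
        $row['rp_token_created_at'] = $now;
    }
    return $ok;
}

// Form submission: validate again and consume the token on success.
function submitNewPassword(array &$row, string $token, int $now): bool
{
    $ok = isValid($row, $token, $now);
    if ($ok) {
        $row['rp_token'] = null; // single use
    }
    return $ok;
}

foreach ([false, true] as $refresh) {
    $row = issueToken(0);
    $token = $row['rp_token'];
    $loaded = loadResetPage($row, $token, 3590, $refresh); // 10 s before expiry
    $saved = submitNewPassword($row, $token, 3650);        // form sent 60 s later
    printf("refresh=%s load=%s submit=%s\n", var_export($refresh, true), var_export($loaded, true), var_export($saved, true));
}
```
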
@fredden fredden requested a review from paliarush as a code owner October 24, 2019 21:59
@m2-assistant

m2-assistant bot commented Oct 24, 2019

Hi @fredden. Thank you for your contribution.
Here are some useful tips on how you can test your changes using the Magento test environment.
Add a comment under your pull request to deploy a test or vanilla Magento instance:

  • @magento give me test instance - deploy test instance based on PR changes
  • @magento give me 2.3-develop instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Guide documentation.

@sidolov sidolov changed the base branch from 2.3-develop to 2.4-develop December 5, 2019 17:17
@sidolov sidolov added the labels "Priority: P3" (May be fixed according to the position in the backlog.) and "Severity: S3" (Affects non-critical data or functionality and does not force users to employ a workaround.) Aug 18, 2020
@sidolov
Contributor

sidolov commented Aug 18, 2020

@magento create issue

@ihor-sviziev
Contributor

Hi @fredden,
I'm really sorry for the long delay in processing your PR. I'll take it and will try to push it forward.

@ihor-sviziev
Contributor

@magento run all tests

@ihor-sviziev ihor-sviziev added the labels "Auto-Tests: Not Covered" (Changes in Pull Request requires coverage by auto-tests) and "Award: bug fix" Sep 28, 2020
@ihor-sviziev
Contributor

@magento run Functional Tests EE, WebAPI Tests

@ihor-sviziev
Contributor

@magento run Functional Tests B2B, Functional Tests CE

@magento-engcom-team
Contributor

Hi @ihor-sviziev, thank you for the review.
ENGCOM-8461 has been created to process this Pull Request

@engcom-Delta
Contributor

✔️ QA passed
Before:
❌ Value in the rp_token_created_at column is not changed after a customer opens the Set a New Password link from the reset password email

After:
✔️ Value in the rp_token_created_at column is updated and is equal to the time when the customer opens the Set a New Password link from the reset password email

@engcom-Delta
Contributor

Note: Automation tests have passed

@korostii
Contributor

@magento-engcom-team Any progress update here please?

@magento-engcom-team magento-engcom-team merged commit b550107 into magento:2.4-develop Aug 20, 2021
@m2-assistant

m2-assistant bot commented Aug 20, 2021

Hi @fredden, thank you for your contribution!
Please complete the Contribution Survey; it will take less than a minute.
Your feedback will help us improve the contribution process.

@fredden fredden deleted the password-reset/race-form-fill branch August 22, 2021 10:43
Labels

  • Auto-Tests: Covered (All changes in Pull Request is covered by auto-tests)
  • Award: bug fix
  • Award: category of expertise
  • Award: test coverage
  • Component: Customer
  • Component: User
  • Partner: Fisheye
  • partners-contribution (Pull Request is created by Magento Partner)
  • Priority: P3 (May be fixed according to the position in the backlog.)
  • Progress: accept
  • QA: Added to Regression Scope (Scenario was analysed and added to Regression Testing Scope)
  • Release Line: 2.4
  • Severity: S3 (Affects non-critical data or functionality and does not force users to employ a workaround.)
  • Squashtoberfest 2019