Add web UI for password resets #123
No reviewers
Labels
No Label
priority
high
priority
low
priority
medium
priority
very high
BUG
Feature
High Priority
Low Priority
Medium Priority
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: public/pyceo#123
Loading…
Reference in New Issue
No description provided.
Delete Branch "web"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
@ -0,0 +14,4 @@
</header>
<main>{{ block "main" . }}{{ end }}</main>
<footer>
Copyright © 2024 Computer Science Club of the University of Waterloo
2024 might change later is fine?
I think it should be fine, but we can insert the current year if we want to.
@ -0,0 +1,7 @@
{
what's the difference between this and dev.json besides the port?
The hostname needs to be exactly "127.0.0.1" in the test.json because that's httptest uses.
most of the core logic, seems a bit harder to review unless I try testing it ;)
Just tested in a development environment.
However, I wasn't able to test the following situations:
Some potential suggestions/considerations (in order of importance):
passwd
utility (if they could still access SSH)staff
group?staff
user could say this person is who they claim themselves to beThis can be tested by updating the arguments to the
proxy
program to a user which does not exist, e.g.go run scripts/proxy.go -s app.sock -u jdoe -f John
.This can be tested by running the
login
program as root in the phosphoric-acid container, then logging in as ctdalek.syscom-alerts probably shouldn't be CC'd, since the email contains the raw password, but I agree that we should get notified. I'll add this.
Good idea; I'll add this.
Hm ... I'm not sure how helpful that would be? The whole point of this website is to avoid the hassle of having to email syscom to reset one's password, so if somebody has to email a staff member, we lose the main benefit...
I don't think this is necessary - the button itself is supposed to be for confirmation. The text above it also explains very clearly what it does.