-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Email validation tokens #26893
fix: Email validation tokens #26893
Conversation
frontend/src/scenes/authentication/signup/verify-email/verifyEmailLogic.ts
Show resolved
Hide resolved
Size Change: 0 B Total Size: 1.11 MB ℹ️ View Unchanged
|
📸 UI snapshots have been updated1 snapshot changes in total. 0 added, 1 modified, 0 deleted:
Triggered by this commit. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good - thanks for making this change.
One thing to note: this will invalidate all existing tokens, which is mildly annoying to users - we may get increased support requests related to this in the next 24 hours.
📸 UI snapshots have been updated1 snapshot changes in total. 0 added, 1 modified, 0 deleted:
Triggered by this commit. |
Problem
Some investigation around email resetting revealed a few less-than-perfect things. Nothing major from what I can see but confusing APIs that make it look like you can do bad things (which you can't)
Changes
login_timestamp
not being included in the token validation (which is what was allowing an email verification to be used multiple times) - this anyway had a 24 hour limit but now it is even more restrictiveuuid
was coming from.👉 Stay up-to-date with PostHog coding conventions for a smoother review.
Does this work well for both Cloud and self-hosted?
How did you test this code?