reset-password-bundle
Need a killer reset password feature for your Symfony? Us too!
MIT License
Bot releases are hidden (Show)
Published by jrushlow over 3 years ago
Howdy Resetters!
This is a small release containing community-contributed translations for the Turkish language.
Diff: https://github.com/SymfonyCasts/reset-password-bundle/compare/v1.6.0...v1.7.0
Happy Resetting!
Published by jrushlow over 3 years ago
Howdy!
This release adds a new helper method that allows you to generate fake reset tokens (#156).
Why would I want to do that? This can be used to display a "reset confirmation email sent" page that includes a valid "expiration date", even if the requested email was not actually found.
Diff: https://github.com/SymfonyCasts/reset-password-bundle/compare/v1.5.0...v1.6.0
Happy Resetting!
Published by weaverryan over 3 years ago
Hi Resetters!
This release contains more community-supplied translations for Italian, Spanish, Portuguese as well as some fixes for French (#155) and Polish (#153) Thank you to all the contributors ❤️ .
Diff: https://github.com/SymfonyCasts/reset-password-bundle/compare/v1.4.0...v1.5.0
Have fun!
Published by weaverryan over 3 years ago
Hi Resetters!
This release contains a bunch of new community-supplied translations for German, French, Polish, Serbian, Ukranian & Russian. Thank you to all the contributors ❤️ .
Diff: https://github.com/SymfonyCasts/reset-password-bundle/compare/v1.3.0...v1.4.0
Have fun!
Published by weaverryan almost 4 years ago
Hi Resetters!
This release contains #143 from @jrushlow which introduces 2 new methods in ResetPasswordControllerTrait for storing the entire ResetPasswordToken object in the session. The purpose of this - see https://github.com/symfony/maker-bundle/pull/785 - is to allow you to store the object in the session so that you can accurately show the expiration time on the next page.
Diff: https://github.com/SymfonyCasts/reset-password-bundle/compare/v1.2.2...v1.3.0
Have fun!
Published by weaverryan almost 4 years ago
Hi!
This release contains a fix to the fix in 1.2.1 related to timezones and expires at - see #138 for details and #139 for the fix.
Cheers!
Published by weaverryan almost 4 years ago
Hi friends!
This is a small release that contains one bug fix in #135 thanks to @jrushlow - which fixes #119
Previously, depending on your server timezone, the "reset password link expiration" email may have rendered incorrectly, for example telling the user that they had, for example, 7 hours until the token expired, when in reality it was only 1.
The fix also adds native translation support. To use it, in the template that sends the verification email, make the following change:
- <p>This link will expire in {{ tokenLifetime|date('g') }} hour(s).</p>
+ <p>This link will expire in {{ resetToken.expirationMessageKey|trans(resetToken.expirationMessageData, 'ResetPasswordBundle') }}.</p>
Have fun!
Published by weaverryan almost 4 years ago
Hi friends!
This is a tiny release that simply makes this bundle installable on PHP 8. This support should be considered experimental - we don't expect any issues, but we're waiting on GH actions support for PHP 8 before the CI pipeline will fully test PHP 8.
Highlights
#134 - Allow the bundle to be used with PHP 8 - thanks to @ker0x
Cheers!
Published by weaverryan over 4 years ago
Hi friends!
This release contains one change to harden security:
- ensure all requests are removed for user - #105 thanks to @kbond
While not normally possible (unless you change the throttle timeout), if a user does have multiple, active "password reset requests" in storage, after using one of them to change their password, all "password reset requests" for that user should be removed. This is safer than allowing other password reset requests to remain active.
Cheers!
Published by weaverryan over 4 years ago
Hi friends!
This release comes with two important changes:
-
The garbage collection process (i.e. deleting old, expired password reset request records) previously would delete all old records. Now it only deletes expired records older than 1 week. This helps people to get a better "Your link is expired" text if they click a reset link multiple times - #103 thanks to @kbond.
-
If a user has requested a password reset too many times and has been "throttled", a
TooManyPasswordRequestsExceptionis thrown. That class now has 2 new methods that you can use to get more information:getAvailableAt(): \DateTimeInterface- getRetryAfter(): int
Have fun!
Published by weaverryan over 4 years ago
Hi friends!
I'm VERY happy and proud to release the first stable version of this bundle. A HUGE thanks to
@jrushlow who worked tirelessly on the details of this bundle to not only get it working, but make
sure it's secure and high quality. Also thanks to @romaricdrigon for bootstrapping this effort and to @bocharsky-bw for reviewing repeatedly.
This bundle works best along with MakerBundle and its new make:reset-password command.
Have fun - and if you find any problems, please open an issue.
Cheers!
Published by weaverryan over 4 years ago
Hi!
Still nothing to see here ;). This release contains one bug fix as we finalize the bundle:
- Fixed incorrect fake repository namespace in service definition see #79
Cheers!
Published by weaverryan over 4 years ago
Hi friends!
Nothing to see here yet. We're releasing a beta of the bundle so it can be tested properly with its MakerBundle integration.
Cheers!
