d133f904d3
Auth: Changed email confirmations to use login attempt user
...
Negates the need for a public confirmation resend form
since we can instead just send direct to the last session login attempter.
2024-05-20 17:23:15 +01:00
69af9e0dbd
Routes: Added throttling to a range of auth-related endpoints
...
Some already throttled in some means, but this adds a simple ip-based
non-request-specific layer to many endpoints.
Related to #4993
2024-05-20 14:00:58 +01:00
5c28bcf865
Registration: Reviewed added simple honeypot, added testing
...
Also cleaned up old RegistrationController syntax.
Review of #4970
2024-05-04 13:59:41 +01:00
8e3f8de627
Notifications: Reorgranised classes into domain specific folders
...
Closes #4500
2023-09-11 19:27:36 +01:00
295cd01605
Played around with a new app structure
2023-05-17 17:56:55 +01:00
a1b1f8138a
Updated email confirmation flow so confirmation is done via POST
...
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.
Closes #3797
2022-11-12 15:11:59 +00:00
90b4257889
Split out registration and pw-reset tests methods
2022-09-22 17:15:15 +01:00
Dan Brown