mirror of
https://github.com/getgrav/grav-plugin-admin.git
synced 2025-11-01 02:46:04 +01:00
aa4f80eec1
* Better isolate admin to prevent session related vulnerabilities * Removed support for custom login redirects for improved security * Shorten forgot password link lifetime from 7 days to 1 hour * Fixed login related pages being accessible from admin when user has logged in * Fixed admin user creation and password reset allowing unsafe passwords * Fixed missing validation when registering the first admin user * Fixed reset password email not to have session specific token in it
20 lines
292 B
Markdown
20 lines
292 B
Markdown
---
|
|
title: Forgot password
|
|
expires: 0
|
|
access:
|
|
admin.login: false
|
|
|
|
forms:
|
|
admin-login-forgot:
|
|
type: admin
|
|
method: post
|
|
|
|
fields:
|
|
username:
|
|
type: text
|
|
placeholder: PLUGIN_ADMIN.USERNAME
|
|
autofocus: true
|
|
validate:
|
|
required: true
|
|
---
|